{"id":670,"date":"2011-08-19T01:45:27","date_gmt":"2011-08-19T05:45:27","guid":{"rendered":"http:\/\/mrhost.ca\/system\/?p=670"},"modified":"2011-08-19T01:45:27","modified_gmt":"2011-08-19T05:45:27","slug":"php-5-3-7-upgrade","status":"publish","type":"post","link":"https:\/\/mrhost.ca\/system\/2011\/08\/php-5-3-7-upgrade\/","title":{"rendered":"PHP 5.3.7 Upgrade"},"content":{"rendered":"<p>This evening all Mr.Host web servers have been upgraded to PHP 5.3.7<\/p>\n<p><strong>Security Enhancements and Fixes in PHP 5.3.7:<\/strong><\/p>\n<ul>\n<li>Updated crypt_blowfish to 1.2. (CVE-2011-2483)<\/li>\n<li>Fixed crash in error_log(). Reported by Mateusz Kocielski<\/li>\n<li>Fixed buffer overflow on overlong salt in crypt().<\/li>\n<li>Fixed bug #54939 (File path injection vulnerability in RFC1867 File upload filename). Reported by Krzysztof Kotowicz. (CVE-2011-2202)<\/li>\n<li>Fixed stack buffer overflow in socket_connect(). (CVE-2011-1938)<\/li>\n<li>Fixed bug #54238 (use-after-free in substr_replace()). 
(CVE-2011-1148)<\/li>\n<\/ul>\n<p><strong>Key enhancements in PHP 5.3.7 include:<\/strong><\/p>\n<ul>\n<li>Upgraded bundled Sqlite3 to version 3.7.7.1<\/li>\n<li>Upgraded bundled PCRE to version 8.12<\/li>\n<li>Fixed bug #54910 (Crash when calling call_user_func with unknown function name)<\/li>\n<li>Fixed bug #54585 (track_errors causes segfault)<\/li>\n<li>Fixed bug #54262 (Crash when assigning value to a dimension in a non-array)<\/li>\n<li>Fixed a crash inside dtor for error handling<\/li>\n<li>Fixed bug #55339 (Segfault with allow_call_time_pass_reference = Off)<\/li>\n<li>Fixed bug #54935 php_win_err can lead to crash<\/li>\n<li>Fixed bug #54332 (Crash in zend_mm_check_ptr \/\/ Heap corruption)<\/li>\n<li>Fixed bug #54305 (Crash in gc_remove_zval_from_buffer)<\/li>\n<li>Fixed bug #54580 (get_browser() segmentation fault when browscap ini directive is set through php_admin_value)<\/li>\n<li>Fixed bug #54529 (SAPI crashes on apache_config.c:197)<\/li>\n<li>Fixed bug #54283 (new DatePeriod(NULL) causes crash).<\/li>\n<li>Fixed bug #54269 (Short exception message buffer causes crash)<\/li>\n<li>Fixed Bug #54221 (mysqli::get_warnings segfault when used in multi queries)<\/li>\n<li>Fixed bug #54395 (Phar::mount() crashes when calling with wrong parameters)<\/li>\n<li>Fixed bug #54384 (Dual iterators, GlobIterator, SplFileObject and SplTempFileObject crash when user-space classes don&#8217;t call the parent constructor)<\/li>\n<li>Fixed bug #54292 (Wrong parameter causes crash in SplFileObject::__construct())<\/li>\n<li>Fixed bug #54291 (Crash iterating DirectoryIterator for dir name starting with \\0)<\/li>\n<li>Fixed bug #54281 (Crash in non-initialized RecursiveIteratorIterator)<\/li>\n<li>Fixed bug #54623 (Segfault when writing to a persistent socket after closing a copy of the socket)<\/li>\n<li>Fixed bug #54681 (addGlob() crashes on invalid flags)<\/li>\n<li>Over 80 other bug fixes.<\/li>\n<\/ul>\n<div>For a full list of changes in PHP 5.3.7, see the\u00a0<a 
href=\"http:\/\/ca2.php.net\/ChangeLog-5.php#5.3.7\">ChangeLog<\/a>.<\/div>\n","protected":false},"excerpt":{"rendered":"<p>This evening all Mr.Host web servers have been upgraded to PHP 5.3.7 Security Enhancements and Fixes in PHP 5.3.7: Updated crypt_blowfish to 1.2. (CVE-2011-2483) Fixed crash in error_log(). Reported by Mateusz Kocielski Fixed buffer overflow on overlong salt in crypt(). Fixed bug #54939 (File path injection vulnerability in RFC1867 File upload filename). Reported by Krzysztof [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[4,7,3],"tags":[],"_links":{"self":[{"href":"https:\/\/mrhost.ca\/system\/wp-json\/wp\/v2\/posts\/670"}],"collection":[{"href":"https:\/\/mrhost.ca\/system\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mrhost.ca\/system\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mrhost.ca\/system\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mrhost.ca\/system\/wp-json\/wp\/v2\/comments?post=670"}],"version-history":[{"count":3,"href":"https:\/\/mrhost.ca\/system\/wp-json\/wp\/v2\/posts\/670\/revisions"}],"predecessor-version":[{"id":673,"href":"https:\/\/mrhost.ca\/system\/wp-json\/wp\/v2\/posts\/670\/revisions\/673"}],"wp:attachment":[{"href":"https:\/\/mrhost.ca\/system\/wp-json\/wp\/v2\/media?parent=670"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mrhost.ca\/system\/wp-json\/wp\/v2\/categories?post=670"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mrhost.ca\/system\/wp-json\/wp\/v2\/tags?post=670"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}