{"id":803,"date":"2012-07-02T16:23:39","date_gmt":"2012-07-02T20:23:39","guid":{"rendered":"http:\/\/mrhost.ca\/system\/?p=803"},"modified":"2012-07-02T16:23:39","modified_gmt":"2012-07-02T20:23:39","slug":"php-5-3-14-upgrade","status":"publish","type":"post","link":"https:\/\/mrhost.ca\/system\/2012\/07\/php-5-3-14-upgrade\/","title":{"rendered":"PHP 5.3.14 Upgrade"},"content":{"rendered":"<p>This evening all Mr.Host web servers have been upgraded to PHP 5.3.14. We missed a few updates between 5.3.10 and 5.3.14, so this post outlines all the changes since 5.3.10.<\/p>\n<h3>5.3.11<\/h3>\n<p style=\"padding-left: 30px;\">Security Enhancements for both PHP 5.3.11 and PHP 5.4.1:<\/p>\n<ul>\n<ul>\n<li>Fixed bug #54374 (Insufficient validating of upload name leading to corrupted $_FILES indices). (CVE-2012-1172).<\/li>\n<li>Add open_basedir checks to readline_write_history and readline_read_history.<\/li>\n<\/ul>\n<\/ul>\n<p style=\"padding-left: 30px;\">Security Enhancement affecting PHP 5.3.11 only:<\/p>\n<ul>\n<ul>\n<li>Fixed bug #61043 (Regression in magic_quotes_gpc fix for CVE-2012-0831).<\/li>\n<\/ul>\n<\/ul>\n<p style=\"padding-left: 30px;\">Key enhancements in these releases include:<\/p>\n<ul>\n<ul>\n<li>Added debug info handler to DOM objects.<\/li>\n<li>Fixed bug #61172 (Add Apache 2.4 support).<\/li>\n<\/ul>\n<\/ul>\n<h3>5.3.12, 5.3.13<\/h3>\n<p style=\"padding-left: 30px;\">The releases complete a fix for a\u00a0<a href=\"http:\/\/www.php.net\/archive\/2012.php#id2012-05-03-1\" target=\"_blank\">vulnerability<\/a>\u00a0in CGI-based setups (CVE-2012-2311).\u00a0<em>Note: mod_php and php-fpm are not vulnerable to this attack.<\/em><\/p>\n<p style=\"padding-left: 30px;\">PHP 5.4.3 fixes a buffer overflow vulnerability in the\u00a0<a href=\"http:\/\/php.net\/manual\/function.apache-request-headers.php\" target=\"_blank\">apache_request_headers()<\/a>\u00a0(CVE-2012-2329). 
The PHP 5.3 series is not vulnerable to this issue.<\/p>\n<h3>5.3.14<\/h3>\n<p style=\"padding-left: 30px;\">The release fixes multiple security issues: a weakness in the DES implementation of\u00a0<a href=\"http:\/\/docs.php.net\/crypt\" target=\"_blank\">crypt<\/a>\u00a0and a heap overflow issue in the phar extension.<\/p>\n<p style=\"padding-left: 30px;\">PHP 5.4.4 and PHP 5.3.14 fix over 30 bugs. Please note that the use of\u00a0<em>php:\/\/fd<\/em>\u00a0streams is now restricted to the CLI SAPI.<\/p>\n<p>For a full list of changes from PHP 5.3.10 to 5.3.14, see the\u00a0<a href=\"http:\/\/php.net\/ChangeLog-5.php\" target=\"_blank\">ChangeLog<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This evening all Mr.Host web servers have been upgraded to PHP 5.3.14. We missed a few updates between 5.3.10 and 5.3.14, so this post outlines all the changes since 5.3.10. 5.3.11 Security Enhancements for both PHP 5.3.11 and PHP 5.4.1: Fixed bug #54374 (Insufficient validating of upload name leading to corrupted $_FILES indices). (CVE-2012-1172). 
Add [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[7,3],"tags":[],"_links":{"self":[{"href":"https:\/\/mrhost.ca\/system\/wp-json\/wp\/v2\/posts\/803"}],"collection":[{"href":"https:\/\/mrhost.ca\/system\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mrhost.ca\/system\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mrhost.ca\/system\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mrhost.ca\/system\/wp-json\/wp\/v2\/comments?post=803"}],"version-history":[{"count":7,"href":"https:\/\/mrhost.ca\/system\/wp-json\/wp\/v2\/posts\/803\/revisions"}],"predecessor-version":[{"id":810,"href":"https:\/\/mrhost.ca\/system\/wp-json\/wp\/v2\/posts\/803\/revisions\/810"}],"wp:attachment":[{"href":"https:\/\/mrhost.ca\/system\/wp-json\/wp\/v2\/media?parent=803"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mrhost.ca\/system\/wp-json\/wp\/v2\/categories?post=803"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mrhost.ca\/system\/wp-json\/wp\/v2\/tags?post=803"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}