Hardening-Patch v0.4.7 released




28. November 2005

In response to the release of PHP 5.1.1, which fixes a safe_mode/open_basedir bypass security hole in ext/curl, the Hardening-Patch 0.4.7 for PHP was released.

This patch backports the ext/curl security fix from PHP 5.1.1 and fixes a problem that caused PHP to trigger a 'linked list canary overwritten' message (and maybe a crash) when a shared PHP extension was loaded. This problem was introduced in 0.4.6 by a change in the linked list canary protection: for persistent linked lists, the code compared the canary against the wrong value.

Download:
  • as patch against the released PHP tarball
  • NEW: as prepatched tarball


Note: the tarballs for 4.4.1 and 5.0.5 were changed to fix a compile problem.
© Hardened PHP Project