More Security Fixes for PHP 4.4.2 and 5.1.4




19. July 2006

About 6 months ago we disclosed a critical security hole in PHP to php.net. The code in question was fixed within a very short time in the official PHP CVS. While php.net released a fixed PHP 5.1.4 in May, there is still no official security fix for PHP 4 after 6 months. Therefore, we had already released fixes for the vulnerability in May as part of our first security fix pack.

Now, two months later, there are still no new releases of PHP 4 or PHP 5.1, although php.net has known for some time that there are more security vulnerabilities and that some of the older ones were never correctly fixed.

Because of the ongoing decay of php.net's responses to security problems, we are again stepping in and providing our users with updated security fixes for PHP 4.4.2 and PHP 5.1.4. These include fixes for all the security problems that were reported to php.net but got lost in their chaos. If you use PHP packages from your favourite Linux distribution, chances are high that their updated packages already contain the same fixes, because the PHP maintainers of several Linux distributions have helped create the updated PHP Security Fix Pack.

You can find our updated security fixes for PHP 4.4.2 and PHP 5.1.4 in our download area. A detailed list of fixes is given in the changelog, which is bundled with the security fix pack.

As usual, these fixes are already in the latest version of the Hardening-Patch (0.4.12).
© Hardened PHP Project