PHP 5.1.4 Security Fixes released




13. May 2006

Several days ago PHP 5.1.4 was released by PHP.net which fixes a number of security bugs. Unfortunately we discovered that the release tarball lacks the pear installer which result in 'make install' downloading it from the web during the installation process.

Because 'make install' is usually called as root and the download occurs via wget over an unsecured HTTP connection this is a security risk for anyone installing PHP without disabling PEAR.

Additionally we discovered a open_basedir and safe_mode bypass vulnerability that can be exploited through the recently (5.1.x) introduced realpath() cache. This affects systems where open_basedir/safe_mode is not globally enabled but per VHOST.

To close both potential holes we have decided to release a security fix for PHP 5.1.4, which you can find in our download area.

As usual these fixes are already in the latest version of the Hardening-Patch (0.4.11)
© Hardened PHP Project