MDVSA-2010:139 -- Mandriva phpID: oval:org.secpod.oval:def:301152 | Date: (C)2012-01-07 (M)2024-02-19 |
Class: PATCH | Family: unix |
This is a maintenance and security update that upgrades php to 5.2.14 for CS4/MES5/2008.0/2009.0/2009.1. Security Enhancements and Fixes in PHP 5.2.14: * Rewrote var_export to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs . * Fixed a possible interruption array leak in strrchr. * Fixed a possible interruption array leak in strchr, strstr, substr, chunk_split, strtok, addcslashes, str_repeat, trim. * Fixed a possible memory corruption in substr_replace. * Fixed SplObjectStorage unserialization problems . * Fixed a possible stack exaustion inside fnmatch. * Fixed a NULL pointer dereference when processing invalid XML-RPC requests . * Fixed handling of session variable serialization on certain prefix characters. * Fixed a possible arbitrary memory access inside sqlite extension. Reported by Mateusz Kocielski. Additionally some of the third party extensions has been upgraded and/or rebuilt for the new php version. Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program
Platform: |
Mandriva Linux 2009.0 |
Mandriva Linux 2009.1 |
Mandriva Linux 2008.0 |