Friday, February 3rd, 2012
A few hours ago, PHP 5.3.10 was released by the PHP Group. It is an important security update for PHP 5.3.9 users: Stefan Esser discovered a remotely exploitable bug introduced by the PHP 5.3.9 code that enforces the new max_input_vars directive (CVE-2012-0830). You really should upgrade as soon as possible.
Packages of PHP 5.3.10 are now available ...
Posted in PHP | 8 Comments »
Tuesday, January 24th, 2012
A few days ago, Stefan Esser discovered a stack buffer overflow in the transparent cookie encryption feature of the Suhosin extension. Here is the full advisory.
If you previously installed the php5-suhosin package, you should upgrade to the fixed version (0.9.33) by running:
apt-get update
apt-get install --reinstall php5-suhosin
Long-running PHP processes (Apache's mod_php, php5-fpm) keep the old extension loaded until they are restarted, so restart them afterwards and check that php -r 'echo phpversion("suhosin");' reports 0.9.33.
Posted in PHP | 17 Comments »
Thursday, January 12th, 2012
On January 10th, 2012, the PHP Group released PHP 5.3.9, which brings over 90 bug fixes, some of which are security related:
Security Enhancements and Fixes in PHP 5.3.9:
Added max_input_vars directive to prevent attacks based on hash collisions. (CVE-2011-4885)
Fixed bug #60150 (Integer overflow during the parsing of invalid exif header). ...
Posted in PHP | 66 Comments »
Tuesday, August 30th, 2011
On August 18th, the PHP Group released PHP 5.3.7 with many security enhancements and many bug fixes. Sadly, it suffered from a bug in the crypt() function (with MD5 salts it returned only the salt instead of the hash), forcing the PHP Group to publish PHP 5.3.8 (which also fixes a mysqlnd issue with SSL connections).
I'm glad to announce that PHP 5.3.8 packages are now available ...
Posted in PHP | 43 Comments »
Saturday, April 9th, 2011
On March 17th, the PHP Group released PHP 5.3.6. This maintenance release, which focuses on security, is now available on Dotdeb for Debian 6.0 "Squeeze" in amd64 and i386 flavours.
Compatibility with the official Debian packages has been improved, and you (especially FPM users) should really take care of some ...
Posted in PHP | 109 Comments »
Monday, January 31st, 2011
Do you know Pinba? It's a great tool and you really should use it on your LAMP platform.
Pinba is a realtime monitoring/statistics server for PHP using MySQL as a read-only interface.
It accumulates and processes data sent over UDP by multiple PHP processes and displays statistics in a nice human-readable form of ...
Posted in PHP | 7 Comments »
Tuesday, January 11th, 2011
I just released PHP 5.3.5 packages for Debian 6.0 (a.k.a. "Squeeze"), with some changes compared to the Lenny ones:
the packaging process has been improved: dependencies were cleaned up, PHP tests are now displayed, libtool 2.2 is now supported (thanks to the Debian team for their precious work)
3 new useful ...
Posted in PHP | 41 Comments »
Friday, January 7th, 2011
A few days after releasing PHP 5.3.4 and PHP 5.2.16, the PHP Group announced an important security update with PHP 5.3.5 and PHP 5.2.17:
This release resolves a critical issue, reported as PHP bug #53632 and CVE-2010-4645, where conversions from string to double might cause the PHP interpreter to hang ...
Posted in PHP | 23 Comments »
Monday, January 3rd, 2011
After PHP 5.3.4 was released by the PHP Group and the corresponding Suhosin patch was published by Stefan Esser, the PHP 5.3.4 packages for Debian 5.0 "Lenny" are now available on Dotdeb. Thanks for your patience.
Follow these instructions if you're installing them for the first time. And as ...
Posted in PHP | 14 Comments »
Monday, January 3rd, 2011
PHP 5.2.16 was released by the PHP Group a few days after PHP 5.2.15 (fixing an open_basedir issue). It is now available on Dotdeb for your Debian "Lenny" servers.
This maintenance release marks the end of support for PHP 5.2. You are strongly encouraged to upgrade to PHP 5.3 (read ...
Posted in PHP | 2 Comments »