PHP 5.4.1

Posted by & filed under PHP.

On April 26th 2012, the PHP Group also released PHP 5.4.1, which brings over 60 bug fixes, some of which are security related. Security Enhancements and Fixes in PHP 5.4.1: Fixed bug #54374 (Insufficient validating of upload name leading to corrupted $_FILES indices). (CVE-2012-1172). Add open_basedir checks to readline_write_history and readline_read_history. Key enhancements in… Read more »

PHP 5.3.11

Posted by & filed under PHP.

On April 26th 2012, the PHP Group released PHP 5.3.11, which brings over 60 bug fixes, some of which are security related. Security Enhancements and Fixes in PHP 5.3.11: Fixed bug #54374 (Insufficient validating of upload name leading to corrupted $_FILES indices). (CVE-2012-1172). Add open_basedir checks to readline_write_history and readline_read_history. Fixed bug #61043 (Regression… Read more »

Packages of PHP 5.4.0 have been updated

Posted by & filed under PHP.

Now that PHP 5.4.0 packages have been published as a preview, issues have to be fixed. That’s why these packages have been updated with the following changes: gzopen64() had been wrongly introduced on the i386 architecture, instead of the regular gzopen(). It is now fixed. PCRE functions did not support Unicode. That’s ok now. APC has… Read more »

PHP 5.4.0 preview packages

Posted by & filed under PHP.

After many months of active development, PHP 5.4.0 is now generally available: The PHP development team is proud to announce the immediate release of PHP 5.4.0. This release is a major improvement in the 5.x series, which includes a large number of new features and bug fixes. Some of the key new features include: traits, a shortened… Read more »

Security update: PHP 5.3.10

Posted by & filed under PHP.

A few hours ago, PHP 5.3.10 was released by the PHP Group. It’s an important security update for PHP 5.3.9 users: Stefan Esser discovered a remotely exploitable bug, introduced with PHP 5.3.9’s max_input_vars directive (CVE-2012-0830). You really should upgrade as soon as possible. Packages of PHP 5.3.10 are now available for: both Debian… Read more »

Advisory: buffer overflow in php5-suhosin

Posted by & filed under PHP.

A few days ago, Stefan Esser discovered a buffer overflow in the “transparent cookie encryption stack” of the Suhosin extension. Here is the full advisory. If you previously installed the php5-suhosin package, you should upgrade to its fixed new version (0.9.33) by running:

    apt-get update
    apt-get install --reinstall php5-suhosin

PHP 5.3.9

Posted by & filed under PHP.

On January 10th 2012, the PHP Group released PHP 5.3.9, which brings over 90 bug fixes, some of which are security related. Security Enhancements and Fixes in PHP 5.3.9: Added max_input_vars directive to prevent attacks based on hash collisions. (CVE-2011-4885) Fixed bug #60150 (Integer overflow during the parsing of invalid exif header). (CVE-2011-4566) Key… Read more »

PHP 5.3.8 is available

Posted by & filed under PHP.

On August 18th, the PHP Group released PHP 5.3.7 with many security enhancements and many bugfixes. Sadly, it suffered from an issue with the crypt() function, forcing the PHP Group to publish PHP 5.3.8 (that fixes a mysqlnd issue with SSL connections too). I’m glad to announce that PHP 5.3.8 packages are now available on Dotdeb for both… Read more »

PHP 5.3.6 is available

Posted by & filed under PHP.

On March 17th, the PHP Group released PHP 5.3.6. This maintenance release, which focuses on security, is now available on Dotdeb for Debian 6.0 “Squeeze” in amd64 and i386 flavours. The compatibility with the official Debian packages has been improved and you (especially the FPM users) should really take care of some important changes that I… Read more »

Let’s monitor your PHP applications with Pinba

Posted by & filed under PHP.

Do you know Pinba? It’s a great tool and you really should use it on your LAMP platform. Pinba is a realtime monitoring/statistics server for PHP using MySQL as a read-only interface. It accumulates and processes data sent over UDP by multiple PHP processes and displays statistics in a nice human-readable form of simple “reports”, also… Read more »