On TV.com: SUPERNATURAL Breaks with a Bang

BNET Business Network:: BNET; TechRepublic; ZDNet

Zero Day

Ryan Naraine and Dancho Danchev

Get Zero Day via:: Mobile; RSS; Email Alerts
Bios:: Ryan’s Bio; Dancho’s Bio

December 8th, 2008

PHP 5.2.7 removed from distribution over security bug

Posted by Ryan Naraine @ 8:47 am

Categories: Data theft, Exploit code, Linux, Locally Running Web Servers, Open source, Patch Watch, Pen testing, Responsible disclosure, Vulnerability research

Tags: Security, PHP, Security Bug, Scripting Languages, Software/Web Development, Web Development, Ryan Naraine

PHP 5.2.7 removed from distribution over security bug The open-source PHP Group has removed PHP version 5.2.7 from distribution because of a security bug that affects certain configurations.

According to a notice from the Apache-backed project, PHP users should use version 5.26 until PHP 5.2.8 is released with a fix for this issue.

Due to a security bug found in the PHP 5.2.7 release, it has been removed from distribution. The bug affects configurations where magic_quotes_gpc is enabled, because it remains off even when set to on. In the meantime, use PHP 5.2.6 until PHP 5.2.8 is later released.

The magic quotes feature has been deprecated and removed as of PHP 6.0.0. “Relying on this feature is highly discouraged,” PHP warns.

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.

Email Ryan Naraine

For daily updates on Ryan's activities, follow him on Twitter.

Subscribe to Zero Day via Email alerts or RSS.

Talkback
Most Recent of 1 Talkback(s)

Oh dear. That's not good. no_zd_user_name | 12/08/08

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Three Steps You Need to Know to Stop Data Loss Varonis Sensitive data exposed to misuse or loss... it is the stuff of nightmares ... Download Now
The Impact of Virtualization Software on Operating Environments VMware Today's use of virtualization technology allows IT professionals to ... Download Now
Key Strategies for Federal Agencies - Safe and Cost Effective Migration for Legacy Hardware GovConnection The federal government has mandated that federal agencies reduce energy ... Download Now

Recent Entries

Blogs From Our Sponsors

Top Rated

Facebook password-reset spam is Bredolab botnet attack+46 votes
Microsoft confirms 'detailed' Windows 7 exploit+43 votes
Thousands of web sites compromised, redirect to scareware+43 votes
Firefox hit by multiple drive-by download flaws+41 votes
Which antivirus is best at removing malware?+40 votes
iHacked: jailbroken iPhones compromised, $5 ransom demanded+32 votes
New LoroBot ransomware encrypts files, demands $100 for decryption+28 votes
Mac OS X mega patch covers 58 security vulnerabilities+26 votes

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

Archives

Favorite Links

41

ZDNet Blogs

White Papers, Webcasts, and Downloads

Five Steps to Determine When to Virtualize YourServers VMware Server virtualization isn't just for big companies. Entry-level ... Download Now
Building the Virtualized Enterprise with VMware Iinfrastructure VMware VMware virtualization software has been adopted by over 120,000 enterprise ... Download Now
Three Steps You Need to Know to Stop Data Loss Varonis Sensitive data exposed to misuse or loss... it is the stuff of nightmares ... Download Now

Popular Sanity Saver Videos

Blogs

Product Reviews

Videos

White Papers and Webcasts

Downloads

More