by Dennis Fisher January 23, 2015
Several new versions of PHP have been released, fixing a number of security vulnerabilities and other bugs in the popular scripting language.
PHP 5.6.5 is the newest version of the language, and it has patches for a handful of vulnerabilities, including a use-after-free flaw that could lead to remote code execution in some cases.
“Sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping’s length during processing of an invalid file that begins with a # character and lacks a newline character, which causes an out-of-bounds read and might (1) allow remote attackers to obtain sensitive information from php-cgi process memory by leveraging the ability to upload a .php file or (2) trigger unexpected code execution if a valid PHP script is present in memory locations adjacent to the mapping,” the description of the vulnerability says.
Full Article
PHP 5.6.5 Released With Several Security Fixes
Userlevel 7
+54
Be the first to reply!
Reply
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.