PHP update: 5.3.2 to 5.3.3



#1 Eli L


Posted 26 July 2010 - 05:49 PM

Just a notice to all users that the server’s PHP version has been updated from version 5.3.2 to version 5.3.3.

Changes include:

Security Enhancements and Fixes in PHP 5.3.3:

  • Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs (CVE-2010-2531).
  • Fixed a possible resource destruction issue in shm_put_var().
  • Fixed a possible information leak because of interruption of XOR operator.
  • Fixed a possible memory corruption because of unexpected call-time pass by reference and following memory clobbering through callbacks.
  • Fixed a possible memory corruption in ArrayObject::uasort().
  • Fixed a possible memory corruption in parse_str().
  • Fixed a possible memory corruption in pack().
  • Fixed a possible memory corruption in substr_replace().
  • Fixed a possible memory corruption in addcslashes().
  • Fixed a possible stack exhaustion inside fnmatch().
  • Fixed a possible dechunking filter buffer overflow.
  • Fixed a possible arbitrary memory access inside sqlite extension.
  • Fixed string format validation inside phar extension.
  • Fixed handling of session variable serialization on certain prefix characters.
  • Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug #51288).
  • Fixed SplObjectStorage unserialization problems (CVE-2010-2225).
  • Fixed possible buffer overflows in mysqlnd_list_fields, mysqlnd_change_user.
  • Fixed possible buffer overflows when handling error packets in mysqlnd.

Key enhancements in PHP 5.3.3 include:

  • Upgraded bundled sqlite to version 3.6.23.1.
  • Upgraded bundled PCRE to version 8.02.
  • Added FastCGI Process Manager (FPM) SAPI.
  • Added stream filter support to mcrypt extension.
  • Added full_special_chars filter to ext/filter.
  • Fixed a possible crash because of recursive GC invocation.
  • Fixed bug #52238 (Crash when an Exception occurred in iterator_to_array).
  • Fixed bug #52041 (Memory leak when writing on uninitialized variable returned from function).
  • Fixed bug #52060 (Memory leak when passing a closure to method_exists()).
  • Fixed bug #52001 (Memory allocation problems after using variable variables).
  • Fixed bug #51723 (Content-length header is limited to 32bit integer with Apache2 on Windows).
  • Fixed bug #48930 (__COMPILER_HALT_OFFSET__ incorrect in PHP >= 5.3).


For a full list of changes in PHP 5.3.3, see the ChangeLog.





Please do not PM me for support (unless it's a private matter). Instead, post in the appropriate forum and help will be provided accordingly.
Helpful links: Terms of Service | Privacy Policy | Wiki - Tutorials & Help | VlexoFree Support |




      #2 Eli L


      Posted 27 July 2010 - 05:24 PM

      Furthermore, HTTPD (Apache) has been updated from 2.2.15 to 2.2.16.

      Changes with Apache 2.2.16

      Quote

        *) SECURITY: CVE-2010-1452 (cve.mitre.org)
           mod_dav, mod_cache: Fix Handling of requests without a path segment.
           PR: 49246 [Mark Drayton, Jeff Trawick]

        *) SECURITY: CVE-2010-2068 (cve.mitre.org)
           mod_proxy_ajp, mod_proxy_http, mod_reqtimeout: Fix timeout detection
           for platforms Windows, Netware and OS2.  PR: 49417. [Rainer Jung]

        *) core: Filter init functions are now run strictly once per request
           before handler invocation.  The init functions are no longer run
           for connection filters.  PR 49328.  [Joe Orton]

        *) mod_filter: enable it to act on non-200 responses.
           PR 48377 [Nick Kew]

        *) mod_ldap: LDAP caching was suppressed (and ldap-status handler returns
           title page only) when any mod_ldap directives were used in VirtualHost
           context.  [Eric Covener]

        *) mod_ssl: Fix segfault at startup if proxy client certs are shared
           across multiple vhosts.  PR 39915.  [Joe Orton]

        *) mod_proxy_http: Log the port of the remote server in various messages.
           PR 48812. [Igor Galić <i galic brainsware org>]

        *) apxs: Fix -A and -a options to ignore whitespace in httpd.conf
           [Philip M. Gollucci]

        *) mod_dir: add FallbackResource directive, to enable admin to specify
           an action to happen when a URL maps to no file, without resorting
           to ErrorDocument or mod_rewrite.  PR 47184 [Nick Kew]

        *) mod_rewrite: Allow to set environment variables without explicitly
           giving a value. [Rainer Jung]



      #3 Eli L


      Posted 27 July 2010 - 05:27 PM

      Lastly, it took me like 5 recompiles of PHP but the PDO Driver for SQLite 3.x is now working again.





