Latest PHPs Fix Flaws

Users of PHP versions 4 and 5 users are being advised to upgrade to the latest versions in order to protect against a number of security issues.

The new PHP versions also include bug fixes, and in the case of PHP 5.1.2, some new features as well.

PHP version 5.1.2 fixes one vulnerability that the hardened PHP project labeled as “critical.” The so called, “PHP ext/session HTTP Response Splitting Vulnerability” defines an issue that could lead to a potential Cross SiteScripting (XSS) attack.

A second issue with PHP 5 carries the title “PHP ext/mysqli Format String Vulnerability.” It carries a low risk rating from the Hardened PHP project. The flaw, if exploited, could potentially lead to remote unauthorized code execution.

According to the PHP Development Team, PHP 5.1.2 includes 85 bug fixes that address a issues including various crashes, leaks and memory corruptions. The PHP 4.4.2 release includes 30 fixes for issues including one that could enable a possible cross-site scripting error.

Stefan Esser of the Hardened-PHP project told that PHP 4.4.2 also comes with a new built-in protection against HTTP Response Splitting that PHP 5.1.2 now has.

“This class of security bugs in PHP applications will not be exploitable in future PHP versions anymore,” Esser said.

Back in October, Esser’s Hardened PHP Project reported a number of vulnerabilities in both PHP 5.x and 4.x. In that particular incident, PHP 4 was patched several weeks sooner than PHP 5. In the current instance, both PHP 4 and 5 were patched at roughly the same time.

Beyond PHP 5 and 4, work is also underway on PHP 6 .

“PHP 6.x is far from beta and shares the much of the same code with PHP 5.1 (with the UNICODE additions),” Esser said. “Because my time is very limited, I usually only closely audit versions that are nearing release date or are already released.”

Esser argues that the time it took from vulnerability discovery to patched release was reasonable.

“People always oversee the fact, that I am not only the founder of the Hardened-PHP Project, but also the founder of the PHP Security Response Team,” Esser explained. “I am in the core PHP dev team for 5-6 years and I (and a few other PHP devs) am the security contact for vulnerabilities in PHP.”

“This means when I discover a vulnerability in PHP it is immediately known to at least one member of the security dev team,”Esser added. “I think this time we reacted in a ‘reasonable’ amount of time.”

News Around the Web