(Dec 12) Several security issues were fixed in PHP.
Posts Tagged PHP
SUMMARY cPanel, Inc. has released EasyApache 3.22.25 with PHP versions 5.3.28, 5.4.23, and 5.5.7. This release addresses PHP vulnerabilities CVE-2013-4073 and CVE-2013-6420 by fixing bugs in the OpenSSL module. We encourage all PHP users to upgrade to PHP versions 5.3.28, 5.4.23, and 5.5.7. AFFECTED VERSIONS All versions of PHP 5.3 …
The Joomla! Project and Community is excited to announce the release of the Joomla Framework! The Joomla Framework is a major step forward in the evolution of the Joomla! Project. Taking advantage of years of experience in creating the Joomla! CMS and later the Joomla! Platform, the development team has extracted and refactored many of the essential functions necessary to create, manage and deploy a modern PHP web application and compiled them into a library of modular packages that can be easily mixed and matched with other PHP frameworks and packages using Composer for dependency management.
This step enables two major areas of growth for the Joomla! project:
First, it makes several packages, inspired by the demanding needs of the Joomla! CMS, available to the larger PHP developer community, paving the way to build new web applications and services. These packages are distributed via Packagist.org for use with Composer and can be combined with packages from other best-of-breed PHP frameworks such as Symfony, Zend, and Laravel. Web applications built with the Joomla! Framework gain the ability to create, manage and authenticate user accounts; retrieve, manage and display content from one or more databases; and take advantage of many social media integration features. For example, the social media packages for Facebook, Google, LinkedIn, and Twitter are well executed. They share a common API that interacts with each of the services and offer good coverage of each service’s program interface.
Second, it allows a future version of the Joomla! CMS to be built upon this Framework and thereby benefit from the broader base of PHP developers that adopt and can contribute back to the Framework, as well as the dependency management features of Composer. The Framework will bring new rapid development tools to CMS extension developers that will allow them to create and maintain more sustainable and robust extensions.
Together these areas of growth combine to increase the development velocity of the Joomla! project and facilitate project collaboration and growth for the Open Source community as a whole.
What does this mean for the typical user of the Joomla! CMS for their website? Not much at this moment as the Framework is a toolkit for software designers and developers. Downloading the Framework will do nothing to enhance your current Joomla! website. It is, however, a great promise of things to come for future versions of the Joomla! CMS.
A new era of rapid web application development is ahead, and the many lightweight, modular and decoupled packages within the Joomla Framework position the Joomla! Project to be an even more prominent leader in the larger community of Open Source PHP solution developers.
For more information about the Joomla! Framework, please visit http://framework.joomla.org.
Debian: 2794-1: spip: Multiple vulnerabilities
(Nov 10) Several vulnerabilities have been found in SPIP, a website engine for publishing, resulting in cross-site request forgery on logout, cross-site scripting on author page, and PHP injection. [More…]
In the November 2013 survey we received responses from 785,293,473 sites, reflecting net growth of more than 18 million sites since last month.
Microsoft experienced the largest gains this month, with an additional 13.2 million sites taking its market share up by 1.15 percentage points. In contrast to recent trends, nginx’s market share fell by more […]
PHP.net blocked by Google: False positive or not?
Rasmus Lerdorf – the creator of PHP – is currently trying to get Google to stop blocking the whole php.net website after it was suspected of containing malware. In a tweet earlier this morning, Rasmus posted a screenshot and suggested that the block was caused by a false positive.
Debian: 2742-1: php5: interpretation conflict
(Aug 26) It was discovered that PHP, a general-purpose scripting language commonly used for web application development, did not properly process embedded NUL characters in the subjectAltName extension of X.509 certificates. Depending on the application and with [More…]
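The embedded-NUL problem described above is worth seeing concretely. The following is an added example, not code from the Debian advisory or from PHP's own sources: it contrasts a C-string style comparison, which stops at the first NUL byte, with a length-aware check that rejects any name containing one. The certificate names are constructed for the example; in practice the strict check would be applied to each `DNS:` entry of the `subjectAltName` extension before accepting a certificate for a host.

```php
<?php
// Added example, not from the advisory or PHP's own source. Inputs are constructed.

// SAN DNS entries as a C-string consumer would see them. The ASN.1 string carries
// the full bytes, but anything that treats it as a NUL-terminated string stops at "\0".
$sanEntries = [
    "www.bank.example\0.attacker.example", // constructed malicious entry
    "mail.attacker.example",               // ordinary, non-matching entry
];

// Flawed matching: behaves like a C-string compare, i.e. silently truncates at NUL.
function matchesCString(string $host, string $san): bool
{
    $nul = strpos($san, "\0");
    if ($nul !== false) {
        $san = substr($san, 0, $nul); // everything after the NUL is lost
    }
    return strcasecmp($host, $san) === 0;
}

// Hardened matching: a NUL byte is an outright rejection (no legitimate DNS name
// contains one), and the comparison covers the entire byte string.
function matchesStrict(string $host, string $san): bool
{
    if (strpos($san, "\0") !== false) {
        return false;
    }
    return strlen($host) === strlen($san) && strcasecmp($host, $san) === 0;
}

$host = 'www.bank.example';
foreach ($sanEntries as $san) {
    printf(
        "%-40s flawed=%s strict=%s\n",
        addcslashes($san, "\0"), // render the NUL visibly as \000
        matchesCString($host, $san) ? 'ACCEPT' : 'reject',
        matchesStrict($host, $san) ? 'ACCEPT' : 'reject'
    );
}
```

The first entry is the attack shape: a CA that fails to reject a NUL inside a requested name issues a certificate whose SAN, read as a C string, collapses to the victim's hostname. The strict check refuses it before any comparison is made.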
SUMMARY The PHP development team announces the immediate availability of PHP 5.4.19 and PHP 5.5.3. These releases fix a bug in the patch for CVE-2013-4248 in the OpenSSL module and a compile failure with ZTS enabled in PHP 5.4. All PHP users are encouraged to upgrade to either PHP 5.5.3 …
SUMMARY The PHP development team has announced the immediate availability of PHP 5.5.2. This release contains approximately 20 bug fixes, including a security issue in the OpenSSL module (CVE-2013-4248) and a session fixation problem (CVE-2011-4718). All users of PHP are encouraged to upgrade to this release. cPanel has released EasyApache …
SUMMARY The PHP development team announces the immediate availability of PHP 5.4.18. About 30 bugs were fixed, including security issues CVE-2013-4113 and CVE-2013-4248. All users of PHP are encouraged to upgrade to this release. cPanel has released EasyApache 3.22.5 with this updated version of PHP 5.4.18 to address these issues. …
Debian: 2726-1: php-radius: buffer overflow
(Jul 25) A buffer overflow has been discovered in the Radius extension for PHP. The function handling Vendor Specific Attributes assumed that the attributes given would always be of valid length. An attacker could use this assumption to trigger a buffer overflow. [More…]
(Jul 17) It was discovered that PHP could perform an invalid free request when processing crafted XML documents, corrupting the heap and potentially leading to arbitrary code execution. Depending on the PHP application, this vulnerability could be exploited remotely. [More…]
(Jul 16) Several security issues were fixed in PHP.
(Jun 11) PHP could be made to crash or run programs if it received specially crafted input.
The following new functionality has been added:
[+] Migration of databases from remote DB server on Source to remote DB server on Destination
[+] (Linux only) phpMyAdmin has been upgraded to 3.5.8.1
[+] (Windows only) PHP 5.3 has been upgraded to 5.3.25
[+] (Windows only) PHP 5.4 has been upgraded to 5.4.15
The following new functionality has been added:
[+] MailEnable has been updated to version 7.06. This applies only to new installations; existing MailEnable installations will not be upgraded.
The following bug has been fixed:
[-] PHP settings can’t be set via API-RPC (124552)
Debian: 2649-1: lighttpd: fixed socket name in world-
(Mar 15) Stefan Bühler discovered that the Debian specific configuration file for lighttpd webserver FastCGI PHP support used a fixed socket name in the world-writable /tmp directory. A symlink attack or a race condition could be exploited by a malicious user on the same machine to take over the PHP control [More…]
Debian: 2646-1: typo3-src: Multiple vulnerabilities
(Mar 15) Typo3, a PHP-based content management system, was found to contain several vulnerabilities. CVE-2013-1842 [More…]
(Mar 13) PHP could be made to expose sensitive information over the network.
Debian: 2639-1: php5: Multiple vulnerabilities
(Mar 5) Several vulnerabilities have been discovered in PHP, the web scripting language. The Common Vulnerabilities and Exposures project identifies the following issues: [More…]
The following new functionality has been added:
[+] (Windows only) PHP 5.4 support has been added.
[+] (Windows only) PHP 5.3 has been updated to version 5.3.21
[+] Ubuntu 12.04.2 support has been added.
The following bugs have been fixed:
[-] (Windows only) php.ini is overwritten with the default on PHP package update. php.ini is now backed up to a php.ini.upgrade file in the PHP folder, for instance “%plesk_dir%AdditionalPleskPHP53php.ini.upgrade”.
[-] (Linux only) bootstrapper.sh repair or post-install executed after MU#37 breaks phpMyAdmin 3.5.6 (130017)
[-] (Linux only) sw-engine-cgi processes stuck and accumulate over time putting a strain on memory usage (129857, 57773)
[-] (Linux only) Unable to delete PostgreSQL database user with error “Unsupported version” (129378)
[-] (Linux only) Unable to restart PostgreSQL 9.x service on Ubuntu 12 and SuSE 12 (129143)
The following new functionality has been added:
[+] (Linux only) MySQL Server 5.5 packaged by Parallels has been updated to 5.5.28 on CentOS 5 (128183)
[+] (Windows only) Support for mailnames with apostrophe symbol has been added (28985)
The following bug has been fixed:
[-] (Linux only) Parallels Premium Outgoing Antispam Mail Statistics uses the system PHP interpreter instead of /usr/local/psa/bin/sw-engine-pleskrun, which can produce PHP errors (122227)
The following Plesk Service Tool has been improved:
[*] Plesk Service Backup Tool. New options and usage scenarios have been added. Details in article http://kb.parallels.com/113252
(Jan 22) PHP could be made to expose sensitive information over the network.
Debian: 2610-1: ganglia: arbitrary script execution
(Jan 21) Insufficient input sanitization in Ganglia, a web based monitoring system, could lead to remote PHP script execution with the permissions of the user running the web server. [More…]
The following bugs have been fixed:
[-] (Windows only) Plesk does not work after installation to a custom path, failing with the error message “class “Db_Adapter_Pdo_Mysql” was not found”. Use the latest version of the autoinstaller (3.13.1) from http://download1.parallels.com/Plesk/PP11/11.0/Windows/ai.exe
[-] Incorrect disk space usage and traffic statistics are shown on the “Statistics” tab for a subscription
[-] The PHP variable $_SERVER['REMOTE_ADDR'] returns the server's IP address instead of the client's IP address when nginx is used.
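The REMOTE_ADDR entry above is a symptom of the general reverse-proxy problem: once nginx fronts PHP, REMOTE_ADDR is the proxy, and the client address only survives in a header the proxy adds. The following is an added example, not Plesk's own code, showing how to recover the client address without letting a direct client forge it. It assumes the proxy's addresses are known (the list and the request arrays are constructed for the example) and that nginx is configured with `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`, which appends the connecting address to the end of the header.

```php
<?php
// Added example, not Plesk's own code. Proxy list and requests are constructed.

// Assumed: the reverse proxies that may legitimately front this PHP backend.
const TRUSTED_PROXIES = ['127.0.0.1', '::1', '10.0.0.5'];

// Resolve the client address from a $_SERVER-shaped array. Only when the TCP peer
// is one of our proxies do we consult X-Forwarded-For at all.
function clientIp(array $server, array $trustedProxies = TRUSTED_PROXIES): string
{
    $remote = $server['REMOTE_ADDR'] ?? '';

    // Direct connection: REMOTE_ADDR is the client, and any X-Forwarded-For it
    // sent is attacker-controlled and must be ignored.
    if (!in_array($remote, $trustedProxies, true)) {
        return $remote;
    }

    // Behind our proxy: walk the X-Forwarded-For chain from the right. The
    // rightmost entries were appended by our own proxies; the first address we
    // did not add ourselves is the one our proxy saw connecting.
    $xff  = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    $hops = array_reverse(array_map('trim', explode(',', $xff)));
    foreach ($hops as $hop) {
        if ($hop === '' || in_array($hop, $trustedProxies, true)) {
            continue;
        }
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break; // malformed entry: stop trusting the chain beyond this point
        }
        return $hop;
    }
    return $remote; // nothing usable; fall back to the proxy address
}

// Constructed requests:
$viaProxy = [
    'REMOTE_ADDR'          => '127.0.0.1',
    'HTTP_X_FORWARDED_FOR' => '203.0.113.9, 10.0.0.5',
];
$direct = [
    'REMOTE_ADDR'          => '198.51.100.7',
    'HTTP_X_FORWARDED_FOR' => '1.2.3.4', // forged by the client; ignored
];
$forgedViaProxy = [
    'REMOTE_ADDR'          => '127.0.0.1',
    'HTTP_X_FORWARDED_FOR' => 'not-an-ip, 203.0.113.9', // client-supplied junk on the left
];

foreach (['viaProxy' => $viaProxy, 'direct' => $direct, 'forgedViaProxy' => $forgedViaProxy] as $name => $req) {
    printf("%-15s REMOTE_ADDR=%-14s client=%s\n", $name, $req['REMOTE_ADDR'], clientIp($req));
}
```

Walking the chain from the right rather than taking the leftmost entry is the point: anything to the left of what your own proxy appended was supplied by the client and is untrustworthy. Rate limiting, access-control lists and audit logs that key on the client address should all go through a function like this rather than reading REMOTE_ADDR or X-Forwarded-For directly.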
Debian: 2527-1: php5: Multiple vulnerabilities
(Aug 13) Several vulnerabilities have been discovered in PHP, the web scripting language. The Common Vulnerabilities and Exposures project identifies the following issues: [More…]
PHP 5.3 upgraded to version 5.3.15 in Parallels Plesk 10.4.4 for Windows
PHP 5.3 update for Parallels Plesk 10.4.4
PHP 5.3 upgraded to version 5.3.15 in Parallels Plesk 11.0.9 for Windows