There are 8 of them!

Aug 31, 2007 13:33 GMT  ·  By

The PHP version prior to 5.2.4 has been disclosed with vulnerabilities, that amongst other effects, may cause a malicious user to bypass security. This has been ranked as "moderately critical" by Secunia experts and already been solved by the vendors - just update to the latest version!

In case you did not know, PHP stands for PHP (also the name of the firm that develops it) Hypertext Preprocessor. It works as a scripting language used to create dynamic websites. It uses syntax from C, Java and even Perl and it is embedded within HTML (Hypertext Mark-Up Language) pages for server side execution. It really comes in handy when you want to extract some info out of a database and have it displayed on a web page. You can imagine the utilities it has and why patching it is so important!

Here are a part of the flaws, as they appear on Secunia: two integer overflow errors exist within the "gdImageCreate()" and "gdImageCreateTrueColor()" functions in ext/gd/libgd/gd.c. These can be exploited to cause a heap-based buffer overflow via overly large integer values passed as parameters to e.g. the "imagecreatetruecolor()" PHP function. Another vulnerability would be the fact that two integer overflow errors exist within the "gdImageCopyResized()" function in ext/gd/libgd/gd.c. These can be exploited to cause a heap-based buffer overflow via overly large integer values passed as parameters to the "imagecopyresized()" or "imagecopyresampled()" PHP functions. And there are 6 more, which you can check out on Secunia's site.

In the new PHP 5.2.4 version they have fixed more than 120 bugs and even added a persistent connection status checker to pdo_pgsql. You can see the full benefits of updating, by clicking on this link.