Skip to Content

Posts under tag: PHP

February 26, 2010

PHP 5.2.13 addresses security holes

The H-Secirity writes:

An update which fixes around 40 bugs is available for the PHP 5.2 development branch. Version 5.2.13 comes highly recommended for all PHP 5.2.x users, as it includes a number of security-related fixes. These include a bug when validating the safe_mode configuration variable in the tempnam() function which arises when the path does not end in /).
An open_basedir/safe_mode bypass vulnerability in the session extension has also been fixed. (more…)