This release marks the end of the active support for PHP 5.2. Following this release the PHP 5.2 series will receive no further active bug maintenance. Security fixes for PHP 5.2 might be published on a case by cases basis. All users of PHP 5.2 are encouraged to upgrade to PHP 5.3.
Security Enhancements and Fixes in PHP 5.2.14:
- Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs.
- Fixed a possible interruption array leak in strrchr().(CVE-2010-2484)
- Fixed a possible interruption array leak in strchr(), strstr(), substr(), chunk_split(), strtok(), addcslashes(), str_repeat(), trim().
- Fixed a possible memory corruption in substr_replace().
- Fixed SplObjectStorage unserialization problems (CVE-2010-2225).
- Fixed a possible stack exaustion inside fnmatch().
- Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug #51288).
- Fixed handling of session variable serialization on certain prefix characters.
- Fixed a possible arbitrary memory access inside sqlite extension. Reported by Mateusz Kocielski.
Key enhancements in PHP 5.2.14 include:
- Upgraded bundled PCRE to version 8.02.
- Updated timezone database to version 2010.5.
- Fixed bug #52238 (Crash when an Exception occured in iterator_to_array).
- Fixed bug #52237 (Crash when passing the reference of the property of a non-object).
- Fixed bug #52041 (Memory leak when writing on uninitialized variable returned from function).
- Fixed bug #51822 (Segfault with strange __destruct() for static class variables).
- Fixed bug #51552 (debug_backtrace() causes segmentation fault and/or memory issues).
- Fixed bug #49267 (Linking fails for iconv on MacOS: "Undefined symbols: _libiconv").
For a full list of changes in PHP 5.2.14 see the ChangeLog at PHP: PHP 5 ChangeLog.
Adsense
Recent Articles
Recent Blog Posts
