Due to security issues, AllMerchants recommends upgrading your web server to PHP 5.3.2+ or 5.2.13+.

The PHP 5.2.13 release fixes the following security issues:

- Directory paths not ending with '/' may not be correctly validated inside 'tempnam()' in 'safe_mode' configuration.
- It may be possible to bypass the 'open_basedir'/'safe_mode' configuration restrictions due to an error in session extensions.
- An unspecified vulnerability affects the LCG entropy.

The PHP 5.2.12 release fixes the following security issues:

- It is possible to bypass the 'safe_mode' configuration setting using 'tempnam()'.
- It is possible to bypass the 'open_basedir' configuration setting using 'posix_mkfifo()'.
- Provided file uploading is enabled (it is by default), an attacker can upload files using a POST request with 'multipart/form-data' content even if the target script doesn't actually support file uploads per se. By supplying a large number (15,000+) of files, the attacker may be able to cause the web server to stop responding while it processes the file list.
- Missing protection for '$_SESSION' from interrupt corruption and improved 'session.save_path' check.
- Insufficient input string validation in the 'htmlspecialchars()' function.
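
To check a server against the versions recommended above and against the upload issue, the following script can be run with the PHP binary the web server uses. It is an added example, not AllMerchants or PHP project code. The helper name `audit_php()` is hypothetical, and `max_file_uploads` is a PHP setting (added in 5.2.12) that the advisory text does not name.

```php
<?php
// Added example: audit helper for this advisory, not AllMerchants or PHP project code.
// Kept PHP 5.2 compatible (array(), no closures) so it runs on the servers it audits.

// Minimum fixed release per branch, as stated in the advisory.
$minimums = array('5.2' => '5.2.13', '5.3' => '5.3.2');

// audit_php() is a hypothetical helper name; it returns a list of finding strings.
function audit_php($version, $ini, $minimums)
{
    // Drop vendor suffixes ("-1ubuntu4"); distro builds with backported fixes
    // can therefore be flagged and need a manual changelog check.
    if (!preg_match('/^(\d+)\.(\d+)\.(\d+)/', $version, $m)) {
        return array('cannot parse version string: ' . $version);
    }
    $clean  = $m[1] . '.' . $m[2] . '.' . $m[3];
    $branch = $m[1] . '.' . $m[2];
    $findings = array();

    if (isset($minimums[$branch])) {
        if (version_compare($clean, $minimums[$branch], '<')) {
            $findings[] = 'PHP ' . $clean . ' is older than ' . $minimums[$branch];
        }
    } elseif (version_compare($clean, '5.2.0', '<')) {
        $findings[] = 'PHP ' . $clean . ' predates the branches named in the advisory';
    }

    // ini_get() returns "1" for an enabled boolean and false for an unknown directive.
    $on = in_array(strtolower((string) $ini['file_uploads']), array('1', 'on', 'true', 'yes'), true);
    if ($on && $ini['max_file_uploads'] === false) {
        $findings[] = 'file_uploads is on and this build has no max_file_uploads limit';
    } elseif ($on) {
        $findings[] = 'file_uploads is on (max_file_uploads=' . $ini['max_file_uploads']
                    . '); turn it off if no script on this host accepts uploads';
    }
    return $findings;
}

$ini = array(
    'file_uploads'     => ini_get('file_uploads'),
    'max_file_uploads' => ini_get('max_file_uploads'),
);
$findings = audit_php(PHP_VERSION, $ini, $minimums);
foreach ($findings as $f) {
    echo '[!] ' . $f . "\n";
}
if (!$findings) {
    echo '[ok] no findings for PHP ' . PHP_VERSION . "\n";
}
```

The command-line binary can read a different php.ini than the web server module, so run the script through the same SAPI that serves the site.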