PHP have released version 5.2.3 of the PHP scripting language, providing a number of security related fixes including integer overflows in chunk_split(), infinte loop vulnerabilities in imagecreatefrompng, email validation vulnerabilities, safe_mode bypass, improved fixes for database support, and also added some functionality to the base set. There are also a number of other security-related patches included.

Description:

The PHP development team have released version 5.2.3 of the scripting language. A number of key security fixes are included, including patches for vulnerabilities that could allow an attacker to take complete control of the system that PHP is running on. Noted PHP security researcher, Stefan Esser, has claimed that there are still known vulnerabilities outstanding.

Mitigation:

Apply version 5.2.3 of PHP at the earliest opportunity

Updates:

http://www.php.net/downloads.php#v5

Source:

http://www.php.net/releases/5_2_3.php

Exploits:

MOPB

CVE-ID: CVE-2007-1887 CVE-ID: CVE-2007-2872 CVE-ID: CVE-2007-1900 CVE-ID: CVE-2007-2756