Topic: Security alerts left and right on PHP

The alerts keep coming: the remedy
for now is to downgrade to PHP-4.4.1.

Description:
Some vulnerabilities have been reported in PHP, which can be exploited by
malicious people to conduct cross-site scripting attacks, bypass certain
security restrictions, and potentially compromise a vulnerable system.

1) An error where the "GLOBALS" array is not properly protected, can be
exploited to define global variables by sending a "multipart/form-data" POST
request with a specially crafted file upload field, or via a script calling the
PHP function "extract()" or "import_request_variables()".
Successful exploitation may open up for vulnerabilities in various applications,
but requires that "register_globals" is enabled.
The vulnerability has been reported in versions 4.4.0 and 5.0.5, and prior.

2) An error in the handling of an unexpected termination in the "parse_str()"
PHP function, can be exploited to enable the "register_globals" directive for
the current execution by e.g. triggering a memory_limit request shutdown in a
script calling "parse_str()".
The vulnerability has been reported in versions 4.4.0 and 5.0.5, and prior.

3) Some unspecified input passed to the "phpinfo()" PHP function isn't properly
sanitised before being returned to the user. This can be exploited via a script
calling "phpinfo()" to execute arbitrary HTML and script code in a user's
browser session in context of an affected site.
The vulnerability has been reported in versions 4.4.0 and 5.0.5, and prior.

4) An integer overflow error in pcrelib may be exploited to cause a memory
corruption via a script calling a PHP function using the PCRE library where the
regular expression can be controlled by the attacker.
For more information:
SA16502
Successful exploitation may allow execution of arbitrary code.

5) The problem is that it is possible to bypass the "safe_mode" and
"open_basedir" protection mechanisms via the "ext/curl" and "ext/gd" modules.

6) An unspecified error in calling "virtual()" on Apache 2 can be exploited to
bypass certain configuration directives (e.g. "safe_mode" and "open_basedir").

Other bugs have also been reported where some may be security related.

Solution:
Update to version 4.4.1.
http://www.php.net/downloads.php
The vulnerabilities affecting PHP 5 have been fixed in the CVS repository.
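
An added example, not part of the post or of the quoted advisory: a small Python audit helper that checks a PHP version string against the affected versions stated above, reads "register_globals" from php.ini text, and lists calls to the functions the advisory names so they can be reviewed. All function names, the sample php.ini line and the sample PHP source are constructed for illustration; heredoc strings are not parsed, so hits are candidates for review rather than confirmed findings.

```python
import re

# Entry-point functions named in the advisory, mapped to its item numbers.
RISKY_CALLS = {"extract": 1, "import_request_variables": 1,
               "parse_str": 2, "phpinfo": 3, "virtual": 6}
# Last affected release per branch ("4.4.0 and 5.0.5, and prior").
LAST_AFFECTED = {4: (4, 4, 0), 5: (5, 0, 5)}
# PHP string literals and comments, blanked so they cannot produce false hits.
_SKIP = re.compile(r"""'(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*"|//[^\n]*|#[^\n]*|/\*.*?\*/""", re.S)
# A plain function call: not a method, static call, variable or longer name.
_CALL = re.compile(r"(?<![\w$>:])(%s)\s*\(" % "|".join(RISKY_CALLS), re.I)
# Constructed sample inputs (not taken from any real site).
SAMPLE_INI = "; register_globals = Off\nregister_globals = On\n"
SAMPLE_PHP = """<?php
// extract($_GET) was removed here
$url = "http://example.test/phpinfo()";
parse_str($_SERVER['QUERY_STRING']);
$obj->extract($data);
Extract($_POST);
"""

def is_affected(version):
    """True if `version` is at or below the advisory's bound for its branch."""
    nums = [int(n) for n in re.findall(r"\d+", version)[:3]]
    nums += [0] * (3 - len(nums))
    if nums[0] < 4:          # assumption: "and prior" covers older branches
        return True
    bound = LAST_AFFECTED.get(nums[0])
    return bound is not None and tuple(nums) <= bound

def register_globals_enabled(ini_text):
    """Read register_globals from php.ini text; the last setting wins."""
    enabled = False          # assumption: an absent directive means Off
    for line in ini_text.splitlines():
        m = re.match(r"\s*register_globals\s*=\s*\"?(\w+)", line, re.I)
        if m:
            enabled = m.group(1).lower() in ("on", "1", "true", "yes")
    return enabled

def find_risky_calls(php_source):
    """Return (line, function, advisory_item) for each candidate call."""
    # Keep newlines when blanking so reported line numbers stay correct.
    code = _SKIP.sub(lambda m: " " + "\n" * m.group(0).count("\n"), php_source)
    hits = []
    for m in _CALL.finditer(code):
        name = m.group(1).lower()   # PHP function names are case-insensitive
        line = code.count("\n", 0, m.start()) + 1
        hits.append((line, name, RISKY_CALLS[name]))
    return hits
```

On the constructed sample, only the real calls on lines 4 and 6 are reported; the commented-out call, the string containing "phpinfo()" and the method call are skipped.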