LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Weekly Edition

Return to the Security page

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

PHP 5.3.10 released with critical security fix

[Posted February 2, 2012 by corbet]

From:  Johannes Schlüter <johannes-AT-php.net>
To:  php-announce-AT-lists.php.net, php-general-AT-lists.php.net, internals-AT-lists.php.net
Subject:  PHP 5.3.10 Released!
Date:  Thu, 02 Feb 2012 23:16:01 +0100
Message-ID:  <1328220961.4658.3314.camel@guybrush>
Archive-link:  Article, Thread 

The PHP development team would like to announce the immediate
availability of PHP 5.3.10. This release delivers a critical security
fix.

Security Fix in PHP 5.3.10:

  * Fixed arbitrary remote code execution vulnerability reported by
    Stefan Esser, CVE-2012-0830.

All users are strongly encouraged to upgrade to PHP 5.3.10.

For source downloads please visit our downloads page on
http://php.net/downloads.php , Windows binaries can be found on
http://windows.php.net/download/

Note that not all mirror sites may be up to date at this point in time,
so if you can't find this version on some mirror, please try again later
or choose another download site.

Johannes Schlüter
PHP 5.3 Release Master


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
(Log in to post comments)

PHP 5.3.10 released with critical security fix

Posted Feb 2, 2012 23:06 UTC (Thu) by csamuel (✭ supporter ✭, #2624) [Link]

Debian Squeeze update announced here:

http://lists.debian.org/debian-security-announce/2012/msg...

PHP 5.3.10 released with critical security fix

Posted Feb 3, 2012 0:04 UTC (Fri) by dowdle (subscriber, #659) [Link]

RHEL 4, 5 and 6 updates here:
https://rhn.redhat.com/errata/RHSA-2012-0093.html

For their php53 packages for RHEL5:
https://rhn.redhat.com/errata/RHSA-2012-0092.html

PHP 5.3.10 released with critical security fix

Posted Feb 3, 2012 0:36 UTC (Fri) by louie (subscriber, #3285) [Link]

I think in a decade+ of reading LWN this is the first time I can remember seeing a double-post.

Double post

Posted Feb 3, 2012 0:41 UTC (Fri) by corbet (editor, #1) [Link]

We've had a few over the years... I noticed this one right away but left it in place because they were really two different things: an explanation of the problem and an announcement of the fix. In a more together world we'd have done a single combined item, but that doesn't always happen...

PHP 5.3.10 released with critical security fix

Posted Feb 3, 2012 12:59 UTC (Fri) by RichieB (guest, #82736) [Link]

It is interesting to know that php sat on a bug report for 3 weeks before fixing this critical issue. See http://bugs.php.net/60708

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds