[Nucleus] PHP 5.3.29-27 (Security Update)

Atomicorp announcements, new release notifications and other company and product news.
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8330
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:

[Nucleus] PHP 5.3.29-27 (Security Update)

Unread post by scott »

Please note this is an important security update. It is highly recommended to upgrade to to version 5.3.29-27 PHP, and PHP Panda.

Changelog:
- Security fix for CVE-2014-8142
- Security fix for CVE-2014-9425


Additionally, the following CVE does *NOT* effect Nucleus builds of PHP:

* CVE-2014-9427 -- PHP-CGI Out of Bounds Read Code Execution Vulnerability

Vulnerability scans reporting PHP 5.3.29 as being vulnerable to the above CVE are false positive results. The following test case can be used:

1)
printf "#" > CVE-2014-9427.php

2)
php-cgi CVE-2014-9427.php

A vulnerable version would return a Segmentation Fault.
Post Reply