The PHP Development Team would like to announce the immediate release of PHP 4.3.10. This is a maintenance release that, in addition to over 30 non-critical bug fixes, addresses several very serious security issues.
These include the following:
CAN-2004-1018 - shmop_write() out of bounds memory write access.
CAN-2004-1018 - integer overflow/underflow in pack() and unpack() functions.
CAN-2004-1019 - possible information disclosure, double free and negative reference index array underflow in deserialization code.
CAN-2004-1020 - addslashes() not escaping \0 correctly.
CAN-2004-1063 - safe_mode execution directory bypass.
CAN-2004-1064 - arbitrary file access through path truncation.
CAN-2004-1065 - exif_read_data() overflow on long sectionname.
magic_quotes_gpc could lead to one level directory traversal with file uploads.
All users of PHP are strongly encouraged to upgrade to this release as soon as possible.
Aside from the above-mentioned issues, this release includes the following important fixes:
For a full list of changes in PHP 4.3.10, see the ChangeLog.