PHP Team released PHP 5.2.3 with many security and stability improvements as well as addressing two regressions introduced by the previous 5.2 releases. These regressions relate to the timeout handling over non-blocking SSL connections and the lack of HTTP_RAW_POST_DATA in certain conditions. All users are encouraged to upgrade to this release. From the ChangeLog :
- Fixed an integer overflow inside chunk_split() (by Gerhard Wagner, CVE-2007-2872)
- Fixed possible infinite loop in imagecreatefrompng. (by Xavier Roche, CVE-2007-2756)
- Fixed ext/filter Email Validation Vulnerability (MOPB-45 by Stefan Esser, CVE-2007-1900)
- Fixed bug #41492 (open_basedir/safe_mode bypass inside realpath()) (by bugs dot php dot net at chsc dot dk)
- Improved fix for CVE-2007-1887 to work with non-bundled sqlite2 lib.
- Added mysql_set_charset() to allow runtime altering of connection encoding.
To upgrade there is an excellent migration guide over the php.net website, and detailing changes introduced in PHP 5.2.3. Download PHP 5.2.3
