102 replies to this topic

[AplusWebMaster]

FYI...

PHP 5.5.8 released
- http://php.net/archi...#id2014-01-10-1
10-Jan-2014 - "The PHP development team announces the immediate availability of PHP 5.5.8. This release fixes about -20- bugs against PHP 5.5.7 components..."

- http://www.php.net/C...Log-5.php#5.5.8

PHP 5.4.24 released
- http://php.net/archi...#id2014-01-10-2
10-Jan-2014 - "The PHP development team announces the immediate availability of PHP 5.4.24. About -14- bugs were fixed. All PHP 5.4 users are encouraged to upgrade to this version..."

- http://www.php.net/C...og-5.php#5.4.24

- http://www.php.net/downloads.php

- http://windows.php.net/download/
 

[AplusWebMaster]

FYI...

PHP 5.5.10 released
- http://php.net/
2014-03-06 - "The PHP development team announces the immediate availability of PHP 5.5.10. Several bugs were fixed in this release, including security issues related to CVEs. CVE-2014-1943, CVE-2014-2270 and CVE-2013-7327 have been addressed in this release. We recommand all PHP 5.5 users to upgrade to this version..."

- https://web.nvd.nist...d=CVE-2014-1943 - 5.0
- https://web.nvd.nist...d=CVE-2014-2270 - 4.3
- https://web.nvd.nist...d=CVE-2013-7327 - 6.8

ChangeLog
- http://www.php.net/C...og-5.php#5.5.10

- http://www.php.net/downloads.php

- http://windows.php.net/download/
___

PHP 5.4.26 released
- http://php.net/
2014-03-07 - "...  5.4.26. 5 bugs were fixed in this release, including CVE-2014-1943. All PHP 5.4 users are encouraged to upgrade to this version..."

ChangeLog
- http://www.php.net/C...og-5.php#5.4.26

- http://www.php.net/downloads.php

- http://windows.php.net/download/
 

Edited by AplusWebMaster, 20 March 2014 - 03:28 AM.

[AplusWebMaster]

FYI...

PHP 5.5.11 released
- http://www.php.net/a...#id2014-04-02-1
2 Apr 2014 - "... immediate availability of PHP 5.5.11. Several bugs were fixed in this release, some bundled libraries updated and a security issue has been fixed : CVE-2013-7345*. We recommend all PHP 5.5 users to upgrade to this version..."

Changelog
- http://www.php.net/C...og-5.php#5.5.11

- http://www.php.net/downloads.php

* https://web.nvd.nist...d=CVE-2013-7345 - 5.0
___

PHP 5.4.27 released
- http://php.net/archi...#id2014-04-03-1
3 Apr 2014 - "... immediate availability of PHP 5.4.27. 6 bugs were fixed in this release, including CVE-2013-7345. All PHP 5.4 users are encouraged to upgrade to this version..."

ChangeLog
- http://www.php.net/C...og-5.php#5.4.27

- http://www.php.net/downloads.php

.

Edited by AplusWebMaster, 04 April 2014 - 04:52 AM.

[AplusWebMaster]

FYI...

PHP 5.5.12 released
- http://php.net/
30 Apr 2014 - "The PHP Development Team announces the immediate availability of PHP 5.5.12. This release fixes several bugs against PHP 5.5.11, as well as CVE-2014-0185 regarding PHP-FPM. All PHP users are encouraged to upgrade to this new version..."

Changelog
- http://www.php.net/C...og-5.php#5.5.12

Downloads
- http://www.php.net/downloads.php
___

PHP 5.4.28 released
- http://php.net/
30 Apr 2014 - "The PHP development team announces the immediate availability of PHP 5.4.28. 19 bugs were fixed in this release, including CVE-2014-0185. All PHP 5.4 users are encouraged to upgrade to this version..."

ChangeLog
- http://www.php.net/C...og-5.php#5.4.28

Downloads
- http://www.php.net/downloads.php
____

- http://www.securityt....com/id/1030187
CVE Reference: https://cve.mitre.or...e=CVE-2014-0185
May 2 2014
Impact: User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5.5.11 and prior versions...
Solution: The vendor has issued a fix (5.5.12)...
___

- http://atlas.arbor.n...ndex#2038502733
High Severity
9 May 2014
 

Edited by AplusWebMaster, 11 May 2014 - 09:27 AM.

[AplusWebMaster]

FYI...

PHP 5.5.13 released
- http://php.net/
29 May 2014 - "The PHP Development Team announces the immediate availability of PHP 5.5.13. This release fixes several bugs in PHP 5.5.12, and addresses two CVEs in Fileinfo (CVE-2014-0238 and CVE-2014-0237). All PHP users are encouraged to upgrade to this new version..."

Changelog
- http://www.php.net/C...og-5.php#5.5.13

Download
- http://www.php.net/downloads.php

- http://windows.php.net/download/

- https://web.nvd.nist...d=CVE-2014-0237 - 5.0

- https://web.nvd.nist...d=CVE-2014-0238 - 5.0
___

PHP 5.4.29 released
- http://php.net/
29 May 2014 - "The PHP development team announces the immediate availability of PHP 5.4.29. 16 bugs were fixed in this release, including two security issues in fileinfo extension. All PHP 5.4 users are encouraged to upgrade to this version..."

Changelog
- http://www.php.net/C...og-5.php#5.4.29

Download
- http://www.php.net/downloads.php

- http://windows.php.net/download/
___

- http://www.securityt....com/id/1030321
CVE Reference: CVE-2014-0237, CVE-2014-0238
Jun 3 2014
Impact: Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to versions 5.4.29, 5.5.13 ...
Solution: The vendor has issued a fix (5.4.29, 5.5.13).
The vendor's advisory is available at:
- http://www.php.net/C...og-5.php#5.5.13
 

Edited by AplusWebMaster, 03 June 2014 - 04:13 AM.

[AplusWebMaster]

FYI...

PHP 5.5.14 released
- http://www.php.net/
27 Jun 2014 - "The PHP Development Team announces the immediate availability of PHP 5.5.14. This release fixes several bugs against PHP 5.5.13. Also, this release fixes a total of -8- CVEs, half of them concerning the FileInfo extension. All PHP users are encouraged to upgrade to this new version..."
Changelog
- http://www.php.net/C...og-5.php#5.5.14
Download
- http://www.php.net/downloads.php

- http://windows.php.net/download/
___

PHP 5.4.30 Released
- http://www.php.net/
26 Jun 2014 - "The PHP development team announces the immediate availability of PHP 5.4.30. Over -20- bugs were fixed in this release, including the following security issues: CVE-2014-3981, CVE-2014-0207, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-4049, CVE-2014-3515. All PHP 5.4 users are encouraged to upgrade to this version..."
Changelog
- http://www.php.net/C...og-5.php#5.4.30
Download
- http://www.php.net/downloads.php

- http://windows.php.net/download/
___

- https://secunia.com/advisories/59575/
Release Date: 2014-06-27
Criticality: Moderately Critical
Where: From remote
Impact: Unknown, DoS, System access
Software: PHP 5.4.x, PHP 5.5.x
CVE Reference(s): CVE-2014-0207, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487,
CVE-2014-4049
...  vulnerabilities are reported in versions prior to 5.4.30 and 5.5.14.
Solution: Update to version 5.4.30 or 5.5.14.

- http://www.securityt....com/id/1030523
CVE Reference: CVE-2014-3981
Jul 4 2014
Impact: Execution of arbitrary code via local system, Modification of system information, Root access via local system, User access via local system
Version(s): prior to versions 5.4.30, 5.5.14 ...
Solution: The vendor has issued a fix (5.4.30, 5.5.14)...

- http://atlas.arbor.n...ndex#1945227678
High Severity
3 Jul 2014
New versions of PHP, 5.5.14 and 5.4.30, have been released, addressing numerous security issues and flaws, including two OpenSSL vulnerabilities.
Analysis: Additionally, this update addresses flaws that could be exploited to overwrite of arbitrary files by local users, cause denial of service, and execute arbitrary code... PHP is a widespread target often exploited by attackers; users should upgrade in a timely manner.
 

Edited by AplusWebMaster, 07 July 2014 - 03:34 AM.

[AplusWebMaster]

FYI...

PHP 5.5.15 released
- http://php.net/
24 Jul 2014 - "The PHP Development Team announces the immediate availability of PHP 5.5.15. This release fixes several bugs against PHP 5.5.14. All PHP users are encouraged to upgrade to this new version..."
ChangeLog
- http://php.net/ChangeLog-5.php#5.5.15
Download
- http://www.php.net/downloads.php

- http://windows.php.net/download
___

PHP 5.4.31 released
- http://php.net/
24 Jul 2014 - "The PHP development team announces the immediate availability of PHP 5.4.31. Over 10 bugs were fixed in this release. All PHP 5.4 users are encouraged to upgrade to this version..."
ChangeLog
- http://www.php.net/C...og-5.php#5.4.31
Download
- http://www.php.net/downloads.php

- http://windows.php.net/download/
 

Edited by AplusWebMaster, 25 July 2014 - 02:58 AM.

[AplusWebMaster]

FYI...

PHP 5.3.29 released
- http://php.net/
14 Aug 2014 - "... immediate availability of PHP 5.3.29. This release marks the end of life of the PHP 5.3 series. Future releases of this series are -not- planned. All PHP 5.3 users are encouraged to upgrade to the current stable version of PHP 5.5 or previous stable version of PHP 5.4, which are supported till at least 2016 and 2015 respectively. PHP 5.3.29 contains about -25- potentially security related fixes backported from PHP 5.4 and 5.5..."

ChangeLog
- http://php.net/ChangeLog-5.php#5.3.29
Download
- http://www.php.net/downloads.php

- http://windows.php.net/download

"... For helping your migration to newer versions please refer to our migration guides for updates from PHP 5.3 to 5.4 and from PHP 5.4* to 5.5**."
* http://php.net/migration54

** http://php.net/migration55
 

[AplusWebMaster]

FYI...

PHP 5.5.16 released
- http://php.net/
22 Aug 2014 - "... immediate availability of PHP 5.5.16. This release fixes several bugs against PHP 5.5.15 and resolves CVE-2014-3538, CVE-2014-3587, CVE-2014-2497, CVE-2014-5120 and CVE-2014-3597. All PHP users are encouraged to upgrade to this new version..."

Change Log
- http://www.php.net/C...og-5.php#5.5.16

Download
- http://www.php.net/downloads.php

- http://windows.php.net/download/

___

PHP 5.4.32 released
- http://php.net/
21 Aug 2014 - "... immediate availability of PHP 5.4.32. -16- bugs were fixed in this release, including the following security-related issues: CVE-2014-2497, CVE-2014-3538, CVE-2014-3587, CVE-2014-3597, CVE-2014-4670, CVE-2014-4698, CVE-2014-5120. All PHP 5.4 users are encouraged to upgrade to this version..."

Change Log
- http://php.net/ChangeLog-5.php#5.4.32

Download
- http://www.php.net/downloads.php

- http://windows.php.net/download/
 

[AplusWebMaster]

FYI...

PHP 5.6.0 released
- http://php.net/
28 Aug 2014 - "... immediate availability of PHP 5.6.0. This new version comes with new features, some backward incompatible changes and many improvements..."

Migrating from PHP 5.5.x to PHP 5.6.x
- http://php.net/migration56

Change Log
- http://php.net/ChangeLog-5.php#5.6.0

Download
- http://php.net/downloads.php

- http://windows.php.net/download/
 

[AplusWebMaster]

FYI...

PHP 5.5.17, 5.4.33 released

- http://php.net/archi...#id2014-09-18-1
18 Sep 2014 - "... immediate availability of PHP 5.5.17. Several bugs were fixed in this release. All PHP 5.5 users are encouraged to upgrade to this version..."

ChangeLog: http://www.php.net/C...og-5.php#5.5.17
___

- http://php.net/archi...#id2014-09-18-2
18 Sep 2014 - "... immediate availability of PHP 5.4.33. -10- bugs were fixed in this release. All PHP 5.4 users are encouraged to upgrade to this version. This release is the -last- planned release that contains regular bugfixes. All the consequent releases will contain only security-relevant fixes, for the term of one year. PHP 5.4 users that need further bugfixes are encouraged to upgrade to PHP 5.6 or PHP 5.5..."

ChangeLog: http://www.php.net/C...og-5.php#5.4.33

Downloads:
- http://php.net/downloads.php

- http://windows.php.net/download/
 

[AplusWebMaster]

FYI...

PHP 5.6.1 released
- http://php.net/
2 Oct 2014 - "The PHP development team announces the immediate availability of PHP 5.6.1. Several bugs were fixed in this release. All PHP 5.6 users are encouraged to upgrade to this version..."

ChangeLog
- http://php.net/ChangeLog-5.php#5.6.1

- http://www.php.net/downloads.php

- http://windows.php.net/download/
 

[AplusWebMaster]

FYI...

PHP 5.5.18 released
- http://php.net/
16 Oct 2014 - "The PHP development team announces the immediate availability of PHP 5.5.18. Several bugs were fixed in this release. A -regression- in OpenSSL introduced in PHP 5.5.17 has also been addressed in this release. PHP 5.5.18 also fixes -4- CVEs in different components. All PHP 5.5 users are encouraged to upgrade to this version..."

Changelog:
- http://php.net/ChangeLog-5.php#5.5.18

Downloads:
- http://www.php.net/downloads.php

- http://windows.php.net/download/
 

[AplusWebMaster]

FYI...

PHP 5.6.2 released ...
- http://php.net/
16 Oct 2014 - "The PHP development team announces the immediate availability of PHP 5.6.2. Four security-related bugs were fixed in this release, including fixes for CVE-2014-3668, CVE-2014-3669 and CVE-2014-3670. All PHP 5.6 users are encouraged to upgrade to this version..."

Changelog
- http://www.php.net/C...Log-5.php#5.6.2

- http://www.php.net/downloads.php

- http://windows.php.net/download/

CVE Reference(s): CVE-2014-3668, CVE-2014-3669, CVE-2014-3670
___

PHP 5.5.18 released
-  http://php.net/
16 Oct 2014 - "The PHP development team announces the immediate availability of PHP 5.5.18. Several bugs were fixed in this release. A -regression- in OpenSSL introduced in PHP 5.5.17 has also been addressed in this release. PHP 5.5.18 also fixes 4 CVEs in different components. All PHP 5.5 users are encouraged to upgrade to this version..."

Changelog
- http://www.php.net/C...og-5.php#5.5.18

- http://www.php.net/downloads.php

- http://windows.php.net/download/
___

PHP 5.4.34 released
- http://php.net/
16 Oct 2014 - "The PHP development team announces the immediate availability of PHP 5.4.34. 6 security-related bugs were fixed in this release, including fixes for CVE-2014-3668, CVE-2014-3669 and CVE-2014-3670. Also, a fix for OpenSSL which produced regressions was -reverted- . All PHP 5.4 users are encouraged to upgrade to this version...  

Changelog
- http://www.php.net/C...og-5.php#5.4.34

- http://www.php.net/downloads.php

- http://windows.php.net/download/
 

Edited by AplusWebMaster, 20 October 2014 - 03:39 AM.

[AplusWebMaster]

FYI...

PHP 5.6.3 released
- http://php.net/
13 Nov 2014 - "... immediate availability of PHP 5.6.3. This release fixes several bugs and one CVE in the fileinfo extension. All PHP 5.6 users are encouraged to upgrade to this version..."

Changelog
- http://www.php.net/C...Log-5.php#5.6.3

- http://www.php.net/downloads.php

- http://windows.php.net/download/
___

PHP 5.5.19 released
- http://php.net/
13 Nov 2014 - "... immediate availability of PHP 5.5.19. This release fixes several bugs and one CVE in the fileinfo extension. All PHP 5.5 users are encouraged to upgrade to this version..."

Changelog
- http://www.php.net/C...og-5.php#5.5.19

- http://www.php.net/downloads.php

- http://windows.php.net/download/
___

PHP 5.4.35 released
- http://php.net/
13 Nov 2014 - "...  immediate availability of PHP 5.4.35. 4 security-related bugs were fixed in this release, including the fix for CVE-2014-3710. All PHP 5.4 users are encouraged to upgrade to this version..."

Changelog
- http://www.php.net/C...og-5.php#5.4.35

- http://www.php.net/downloads.php

- http://windows.php.net/download/
___

- https://web.nvd.nist...d=CVE-2014-8626 - 7.5 (HIGH)
Last revised: 11/24/2014 - "... PHP before 5.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by including a timezone field in a date, leading to improper XML-RPC encoding..."
 

Edited by AplusWebMaster, 01 December 2014 - 08:34 AM.