PHP 5.2.7 Released (Update: removed from distribution for a security reason)

Update!!

PHP 5.2.7 has been removed from distribution

Due to a security bug found in the PHP 5.2.7 release, it has been removed from distribution. The bug affects configurations where magic_quotes_gpc is enabled: the setting remains off even when it is set to On. In the meantime, use PHP 5.2.6 until PHP 5.2.8 is released.
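As an added check (not code from the original post or from PHP.net), the script below probes empirically whether magic quotes are actually being applied to request input, rather than trusting what php.ini says; it assumes PHP 5.x, where magic_quotes_gpc still exists, and a single-quote probe value in the query string.

```php
<?php
// Added example, not part of the original post: empirical probe for the
// PHP 5.2.7 regression where magic_quotes_gpc is set to On in php.ini but
// the escaping is not actually applied to GET/POST/cookie input.
// Assumes PHP 5.x (magic quotes were removed in later versions). Deploy as a
// web script and request it as   probe.php?probe='   (a single quote).

function magic_quotes_effective(array $get)
{
    // The raw value sent is one single quote. If magic quotes were really
    // applied, it arrives as  \'  (backslash followed by the quote).
    if (!isset($get['probe'])) {
        return null;                       // no probe value in this request
    }
    return $get['probe'] === "\\'";
}

// What php.ini claims (ini_get returns "1"/"0"/"On"/"Off"/"" depending on setup).
$configured = filter_var(ini_get('magic_quotes_gpc'), FILTER_VALIDATE_BOOLEAN);
$effective  = magic_quotes_effective($_GET);

header('Content-Type: text/plain');
if ($effective === null) {
    echo "Request this script with ?probe=' to run the check.\n";
} elseif ($configured && !$effective) {
    echo "magic_quotes_gpc is configured On but is NOT being applied "
       . "(the PHP 5.2.7 regression).\n";
} else {
    printf("magic_quotes_gpc configured=%s, applied=%s\n",
        $configured ? 'On' : 'Off', $effective ? 'yes' : 'no');
}
// Whatever the result, code should not depend on magic quotes for safety:
// escape at the sink (mysql_real_escape_string) or use prepared statements.
```

The last branch is the normal case; the middle branch is the signature of the removed 5.2.7 build, where applications that relied on magic quotes silently received unescaped input.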

PHP.net has released the latest PHP version, 5.2.7; the many bugs that were fixed can be seen in the ChangeLog. At the same time, Slackware.com has also released PHP 5.2.7 packages for Slackware 12.0 and 12.1. My question is why it was not released for Slackware 11; that means anyone using Slackware 11 or below has to compile PHP 5.2.7 themselves, which can be downloaded here. Some of the reasons Slackware released the PHP 5.2.7 package (even though it is usually not this quick, counting from PHP's own release):
  • Directory traversal vulnerability in the posix_access function in PHP 5.2.6 and earlier allows remote attackers to bypass safe_mode restrictions (CVE)
  • Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier allow context-dependent attackers to bypass safe_mode restrictions (CVE)
  • php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete API calls that allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long IMAP request, which triggers an "rfc822.c legacy routine buffer overflow" error message. (CVE)
  • Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP 4.4.x before 4.4.9 and PHP 5.2 before 5.2.6-r6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file. (CVE)
  • PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php. (CVE)
Happy Compile

Comments