PHP 5.1.5 Release Announcement
This release address a series of locally exploitable security problems discovered since PHP 5.1.4.
All PHP users are encouraged to upgrade to this release as soon as possible.
This release provides the following security fixes:
- Added missing safe_mode/open_basedir checks inside the error_log(), file_exists(), imap_open() and imap_reopen() functions.
- Fixed overflows inside str_repeat() and wordwrap() functions on 64bit systems.
- Fixed possible open_basedir/safe_mode bypass in cURL extension and with realpath cache.
- Fixed overflow in GD extension on invalid GIF images.
- Fixed a buffer overflow inside sscanf() function.
- Fixed an out of bounds read inside stripos() function.
- Fixed memory_limit restriction on 64 bit system.
In addition to the security fixes, both releases include a small number of non-security related bug fixes.
For a full list of changes in PHP 5.1.5, see the
ChangeLog.