[EHPweb] Upgrade of PHP to v5.2.8

Christopher J Bidwell cbidwell at usgs.gov
Wed Dec 17 19:08:50 GMT 2008


I will be upgrading to PHP v5.2.8 this afternoon.

This upgrade addresses security concerns from 5.2.6.

The following is a list of changes:

Security Enhancements and Fixes in PHP 5.2.8:
Upgraded PCRE to version 7.8 (Fixes CVE-2008-2371)
Fixed missing initialization of BG(page_uid) and BG(page_gid), reported by Maksymilian Arciemowicz.
Fixed incorrect php_value order for Apache configuration, reported by Maksymilian Arciemowicz.
Fixed a crash inside gd with invalid fonts (Fixes CVE-2008-3658).
Fixed a possible overflow inside memnstr (Fixes CVE-2008-3659).
Fixed security issues detailed in CVE-2008-2665 and CVE-2008-2666.
Fixed bug #45151 (Crash with URI/file..php (filename contains 2 dots)). (Fixes CVE-2008-3660)
Fixed bug #42862 (IMAP toolkit crash: rfc822.c legacy routine buffer overflow). (Fixes CVE-2008-2829)

Key enhancements in PHP 5.2.8 include:
Fixed several memory leaks inside the readline and sqlite extensions
A number of corrections relating to date parsing inside the date extension
Fixed bugs relating to data retrieval in the PDO extension
A series of crashes in various areas of code were resolved
Several corrections were made to the strip_tags() function in terms of < and <?XML handling
A number of bugs were fixed in extract() function when EXTR_REFS flag is being used
Added the ability to log PHP errors to the SAPI (Ex. Apache log) logging facility
Over 170 bug fixes.

----------------
Thanks,

Chris Bidwell, RHCT
Red Hat Linux Administrator
Geologic Hazards Team
US Geological Survey
email: cbidwell at usgs.gov
work: 303-273-8642
mobile: 303-435-6362