“Highly popular PHP programming language is the first choice of modern developers. However, the security-related flaws have been a real pain. A good news is that the new released versions of PHP are effectively addressing the security related issues effectively. As per the current scenario, four vulnerabilities have already been addressed & correctly fixed in PHP 5.5 and 5.6, while in PHP 5.4, six vulnerabilities have been fixed.”
PHP has been a popular programming language as it encompasses a set of features that empower developers to make robust websites & web applications in quick time. A sort of boon for web developers, PHP has also undergone an array of updates and launch of new versions to ensure that the same level of programming ease is maintained and arising issues are fixed – needless to mention the importance of these updates for PHP website development. Reportedly, there have been some security-related flaws related with PHP programming; however, just to maintain PHP secured, newly released versions of PHP address the security issues effectively. Fixing these annoying security vulnerabilities was quite remarkable indeed for the PHP family of developers.
In total, four vulnerabilities have been addressed & fixed in PHP 5.5 and 5.6, while six vulnerabilities got fixed in PHP 5.4. CVE-2014-3669 is a high-severity security bug flaw in PHP's "unserialize()" function. Using the function on an unreliable data would lead to either information disclosure or crash. Only 32 bit systems are affected by this issue. Possibility of arbitrary code execution still remains ambiguous however. CVE identifier CVE-2014-3668 is another vulnerability fixed with the newer versions. CVE-2014-3669 and CVE-2014-3668 were some other vulnerabilities reported in September month by a Switzerland based researcher.
Another bug CVE-2014-3670 was reported by a software engineer. Due to this bug, parsing the thumbnail of a .jpg image (specially crafted) leads to head corruption. Its also possible now to extract embedded thumbnails from multiple image formats by employing APIs like exif_thumbnail. During the process of extraction of TIFF-formatted EXIF thumbnail from some JPEG image, PHP creates a standalone TIFF file - this is made possible as PHP re-encodes the thumbnail directory IFD tags and further prepends the tags to the thumbnail image. exif_ifd_make_value function makes re-encoding of individual values possible. Its highly recommended that users of PHP 5.4, 5.5 and 5.6 should update their installations.