[mapserver-users] PHP 4.2.2 and MapScript

Daniel Morissette morissette at dmsolutions.ca
Thu Jul 25 17:07:33 EDT 2002


Hi Chip,

FYI the e-matters advisory seemed to say that this vulnerability can
hardly be exploited on windoze. We still take this issue seriously and
will upgrade the dlls, but that's why this was less of a priority for
us:

 "On the IA32 architecture (aka. x86) it is not possible to control 
  what will end up in the uninitialised struct because of the stack
  layout. All possible code paths leave illegal addresses within the
  struct and PHP will crash when it tries to free them. "

Daniel



Yewondwossen Assefa wrote:
> 
> Hi There,
> 
>  Usually dll's produced with one version of php will not work with other php
> versions. The module number (that is used to check compatibility in php when
> loading an external module like php/mapscript) changes between each version.
> That was the case until now for every release, so I would assume the same thing
> between these 2 last releases.
> 
> I will be putting a new dll for 4.2.2 in the next week or so on the download
> site.
> 
> Later,
> 
> "Hankley, Chip" wrote:
> 
> > I see that there was a recent release of PHP in response to a vulnerability
> > with POST in PHP 4.20 and 4.21 - Has anyone tried the 4.21 dlls from
> > DMSolutions with 4.22?
> >
> > http://www.php.net/release_4_2_2.php
> > http://security.e-matters.de/advisories/022002.html
> >
> > The front page at php.net says that "...the new 4.2.2 release doesn't
> > include other changes, so upgrading from 4.2.1 is safe and painless." So,
> > I'm not sure if the 4.2.1 dlls will work, sounds like they might... but it
> > would be nice to know before I start installing....
> >
> > TIA
> >
> > Chip Hankley
> 
> --
> ----------------------------------------------------------------
> Assefa Yewondwossen
> Software Analyst
> 
> Email: assefa at dmsolutions.ca
> http://www.dmsolutions.ca/
> 
> Phone: (613) 565-5056 (ext 14)
> Fax:   (613) 565-0925
> ----------------------------------------------------------------


