• The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
Menu
  • The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
  • Zend Patches High-Risk Security Flaw in PHP

    March 4, 2014 Alex Woodie

    Zend Technology last week issued emergency hotfixes for the latest PHP runtimes for IBM i, Windows, and Linux to fix a high-risk security vulnerability in PHP that could enable an attacker to execute arbitrary code on affected systems.

    Zend on Thursday announced the immediate availability of Zend Server 6.3 Hotfix 1. The hotfix implements a new release of the PHP language, version 5.5.9, and thereby patches a security flaw in its Zend Server PHP runtimes for IBM i, Windows, and Linux platforms. There is no hotfix for the Zend version 6.3 runtime for Mac OS X.

    The patch addresses the “imagecrop()” buffer overflow vulnerability that is referenced in CVE-2013-7226. The vulnerability, caused by improper bounds checking, could enable a malicious user to execute arbitrary code or a denial of service (DOS) attack. It is a “high risk” security vulnerability, according to IBM’s ISS X-Force report.

    The emergency hotfix comes just over a week after the company shipped Zend Server version 6.3, the first release of the PHP runtime to support the new PHP version 5.5 language. The release of that runtime coincided with the launch of Zend’s new long-term support policy, under which Zend expanded its technical support window for older releases of the PHP runtime and language from three to five years.

    Ironically, Zend’s customers were more concerned about security vulnerabilities discovered in older releases of the PHP runtime that the open source community could not be relied on to fix. But the CVE-2013-7266 vulnerability exists only in the newer PHP releases, versions 5.5 and 5.4. PHP version 5.3–an older release that is one of the targets of Zend’s new long-term support program–is not affected by the CVE-2013-7266 vulnerability.

    To download the Zend Server version 6.3 Hotfix 1 for IBM i or Windows, go to www.zend.com/en/products/server/downloads.

    RELATED STORY

    Congratulations, PHP: You Are Legacy Now



                         Post this story to del.icio.us
                   Post this story to Digg
        Post this story to Slashdot

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Tags:

    Sponsored by
    Raz-Lee Security

    Raz-Lee Security is the leader in security and compliance solutions that guard business-critical information on IBM i servers. We are committed to providing the best and most comprehensive solutions for compliance, auditing, and protection from threats and ransomware. We have developed cutting-edge solutions that have revolutionized analysis and fortification of IBM i servers.

    Raz-Lee’s flagship iSecurity suite of products is comprised of solutions that help your company safeguard and monitor valuable information assets against intrusions. Our state-of-the-art products protect your files and databases from both theft and extortion attacks. Our technology provides visibility into how users access data and applications, and uses sophisticated user tracking and classification to detect and block cyberattacks, unauthorized users and malicious insiders.

    With over 35 years of exclusive IBM i security focus, Raz-Lee has achieved outstanding development capabilities and expertise. We work hard to help your company achieve the highest security and regulatory compliance.

    Key Products:

    • AUDIT
    • FIREWALL
    • ANTIVIRUS
    • ANTI-RANSOMWARE
    • MULTI-FACTOR AUTHENTICATION
    • AP-JOURNAL
    • DB-GATE
    • FILESCOPE
    • COMPLIANCE MANAGER
    • FIELD ENCRYPTION

    Learn about iSecurity Products at https://www.razlee.com/isecurity-products/

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Sponsored Links

    Maxava:  Don't wait for a disaster. Start planning today. DR Strategy Guide for IBM i FREE eBook.
    System i Developer:  Upgrade your skills at the RPG & DB2 Summit in Dallas, March 18-20.
    Northeast User Groups Conference:  24th Annual Conference, April 7 - 9, Framingham, MA

    More IT Jungle Resources:

    System i PTF Guide: Weekly PTF Updates
    IBM i Events Calendar: National Conferences, Local Events, and Webinars
    Breaking News: News Hot Off The Press
    TPM @ EnterpriseTech: High Performance Computing Industry News From ITJ EIC Timothy Prickett Morgan

    Watson Goin’ Mobile, Keeps On Movin’ DB2 For i Scalar Function Performance Considerations

    Leave a Reply Cancel reply

Volume 14, Number 5 -- March 4, 2014
THIS ISSUE SPONSORED BY:

SEQUEL Software
ProData Computer Services
BCD
Linoma Software
COMMON

Table of Contents

  • IBM Aims to Smooth DevOps with RTC Update
  • Zend Patches High-Risk Security Flaw in PHP
  • SAP HANA: Just a Sidecar to IBM i, For Now
  • m-Power Gets All Gussied Up with New Charts, Graphs
  • Alaska Telecom Ditches Tape for LaserVault UBD
  • Krengel Rejiggers Mailing Automation Lineup
  • Google’s New Login Is ‘Slick,’ But Will It Fly in the Enterprise?
  • RJS Bolsters Report-Delivery Tool
  • Halcyon Gives IBM i Shops an Edge in MQ Management
  • Infor Adds Industry-Specific Functionality to M3

Content archive

  • The Four Hundred
  • Four Hundred Stuff
  • Four Hundred Guru

Recent Posts

  • The IBM i Power10 Upgrade Cycle Forecast Looks Favorable
  • White Hats Completely Dismantle Menu-Based Security
  • Cloud Software To Drive Enterprise Application Growth
  • How Do You Stay In Touch With The IBM i Community?
  • IBM i PTF Guide, Volume 25, Number 6
  • Security Still Top Concern, IBM i Marketplace Study Says
  • Bob Langieri Shares IBM i Career Trends Outlook for 2023
  • Kisco Brings Native SMS Messaging to IBM i
  • Four Hundred Monitor, February 1
  • 2023 IBM i Predictions, Part 4

Subscribe

To get news from IT Jungle sent to your inbox every week, subscribe to our newsletter.

Pages

  • About Us
  • Contact
  • Contributors
  • Four Hundred Monitor
  • IBM i PTF Guide
  • Media Kit
  • Subscribe

Search

Copyright © 2022 IT Jungle

loading Cancel
Post was not sent - check your email addresses!
Email check failed, please try again
Sorry, your blog cannot share posts by email.