On Nexen.net, there's a full posting of the bugs that have been posted to the PHP Month of Bugs by Stefan Esser so far (also here for the French speakers in the audience).

Some of the bugs include:

• PHP ext/gd Already Freed Resource Access Vulnerability
• PHP header() Space Trimming Buffer Underflow Vulnerability
• PHP shmop Functions Resource Verification Vulnerability
• PHP php_binary Session Deserialization Information Leak Vulnerability
• PHP Variable Destructor Deep Recursion Stack Overflow

Each one is linked to its description with details on the issue, including what needs to be done (usually an upgrade) to take care of it. You can also filter them by the version of PHP that you're using to see which ones might apply to your applications and servers.

On Nexen.net, there's a full posting of the bugs that have been posted to the PHP Month of Bugs by Stefan Esser so far (also here for the French speakers in the audience).

Some of the bugs include:

• PHP ext/gd Already Freed Resource Access Vulnerability
• PHP header() Space Trimming Buffer Underflow Vulnerability
• PHP shmop Functions Resource Verification Vulnerability
• PHP php_binary Session Deserialization Information Leak Vulnerability
• PHP Variable Destructor Deep Recursion Stack Overflow

Each one is linked to its description with details on the issue, including what needs to be done (usually an upgrade) to take care of it. You can also filter them by the version of PHP that you're using to see which ones might apply to your applications and servers.

In the spirit of the Month of PHP Bugs going on right now (March 2007), Justin Silverton has spotlighted just a few of them in a new entry to the JSLabs blog today.

He mentions issues like:

• a header() issue that results from a call to it with an all-whitespace string
• a session issue in PHP5 where an identifier isn't freed correctly
• and an issue with the compress.bzip2 URL wrapper not following safe_mode or open_basedir restrictions (already corrected).

These are just a few of the bugs that have been reported during the month-long event, so check out php-security.org. He also points to the Suhosin patch that can help alleviate some of these issues.

In the spirit of the Month of PHP Bugs going on right now (March 2007), Justin Silverton has spotlighted just a few of them in a new entry to the JSLabs blog today.

He mentions issues like:

• a header() issue that results from a call to it with an all-whitespace string
• a session issue in PHP5 where an identifier isn't freed correctly
• and an issue with the compress.bzip2 URL wrapper not following safe_mode or open_basedir restrictions (already corrected).

These are just a few of the bugs that have been reported during the month-long event, so check out php-security.org. He also points to the Suhosin patch that can help alleviate some of these issues.