Home » , » Latest Release - OpenSSL Vulnerabilities Fixed By PHP

Latest Release - OpenSSL Vulnerabilities Fixed By PHP

jaki watson | 21:28 | 0 comments
Hire PHP Mysql Developer

The latest new version of the popular scripting language has been released by the PHP group that comes with various bug fixes including two in OpenSSL. OpenSSL’s flaws fixed don’t go up to the level of the major bugs like Heartbleed that have popped up from last few months. Both PHP 5.5.14 and 5.4.30 comes with fixes for the two vulnerabilities, i.e. OpenSSL handles timestamps on some certificates and other includes involves timestamps in different ways.

The bug report says for one of the OpenSSL flaws say, “This piece of code is the part of a backwards UTCTime parser. It moves 2 positions to the left, and converts those two characters to an int”. “However, certs with validity past 2050 contain GeneralizedTime formatted timestamps allowing 4 characters in the year field instead of the UTCTime this function parses (badly).”

In second OpenSSL vulnerability, some different type of data is handled by PHP. Its specially crafted certificate can cause mistakes. “The cert was generated by a Windows 2003 server. Note the “valid to” time is “Jun 21 15:59:11 2109 GMT”. PHP checks for V_ASN1_UTCTIME in openssl.c but it tiggers warning when the time is V_ASN1_GENERALIZEDTIME. Apart from, there is number of other bugs fixed in this latest release along with the two OpenSSL vulnerabilities fixed in PHP 5.5.14 and 5.4.30. Among them, many of are not related to security issues.

Looking at this latest release, if you want to develop PHP projects by adopting PHP Development Service then simply contact Perception System, a leading Offshore PHP Development Company, who provides result-oriented PHP solution at the most competitive rates.

More Information About Portfolio Click here.
Share this article :


Post a Comment

Design by: