Multiple vulnerabilities within PHP 4/5

The Hardened-PHP Project has disclosed several serious security vulnerabilities affecting every PHP 4 and PHP 5 release up to and including the versions listed below. We urge all FogBugz for Unix and Macintosh customers to upgrade PHP to the fixed release named under "Action item" immediately.

Affected versions:

PHP4 <= 4.3.9
PHP5 <= 5.0.2

Severity:

Allows local and remote execution of arbitrary code.

Vendor Notes:

The FogBugz source code contains at least one call to the PHP pack() function, so a FogBugz installation running on an affected PHP version is exposed until the PHP upgrade is installed.

We are not releasing a patch to FogBugz at this time: the defect is in PHP itself, not in FogBugz, so the safest fix is simply to upgrade PHP.

Details:

http://www.hardened-php.net/advisories/012004.txt

Action item:

Please download and install PHP version 4.3.10 (the first PHP 4 release above the affected range) immediately from
http://www.php.net/downloads.php.

Note that FogBugz requires PHP version 4.x and currently does not run on PHP 5.x.

We have written up tips on upgrading PHP to the latest version and getting FogBugz up and running again.
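A quick way to confirm where an installation stands, before and after the upgrade, is to compare the reported PHP version against the ranges in this advisory. The script below is an added example, not part of the Fog Creek advisory or of FogBugz; the function names and the sample `php -v` lines are its own. It compares versions numerically, field by field, because a plain string comparison ranks "4.3.10" below "4.3.9" and would report a freshly upgraded server as still affected.

```shell
#!/bin/sh
# Added example (not from the advisory): classify a PHP version against the
# affected ranges quoted above, PHP 4 <= 4.3.9 and PHP 5 <= 5.0.2.
# All function names and sample strings here are this example's own.

# vercmp A B: compare two dotted version strings field by field as integers
# and print -1, 0 or 1. Trailing non-digit suffixes ("2RC1") are ignored and
# a missing field counts as 0, so "4.3" equals "4.3.0".
vercmp() {
    a="$1"
    b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        # leading field of each string, then drop that field
        af="${a%%.*}"
        bf="${b%%.*}"
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
        # keep only the leading digits; empty field becomes 0
        af="${af%%[!0-9]*}"
        bf="${bf%%[!0-9]*}"
        af="${af:-0}"
        bf="${bf:-0}"
        if [ "$af" -lt "$bf" ]; then echo -1; return 0; fi
        if [ "$af" -gt "$bf" ]; then echo 1; return 0; fi
    done
    echo 0
}

# php_version_affected VERSION: exit 0 if VERSION is inside an affected range,
# 1 if it is above the range, 2 if the major version is not one the advisory
# covers at all.
php_version_affected() {
    case "$1" in
        4.*) [ "$(vercmp "$1" 4.3.9)" -le 0 ] ;;
        5.*) [ "$(vercmp "$1" 5.0.2)" -le 0 ] ;;
        *)   return 2 ;;
    esac
}

# version_from_php_v OUTPUT: pull the version out of the first line of
# `php -v`, which looks like "PHP 4.3.9 (cli) (built: ...)".
version_from_php_v() {
    printf '%s\n' "$1" | sed -n '1s/^PHP \([0-9][0-9.]*\).*/\1/p'
}

# report VERSION: print a one-line verdict and return the status above.
report() {
    php_version_affected "$1"
    rc=$?
    case $rc in
        0) echo "PHP $1: AFFECTED, upgrade to 4.3.10 now" ;;
        1) echo "PHP $1: above the affected range" ;;
        *) echo "PHP $1: major version not covered by this advisory" ;;
    esac
    return $rc
}

# Constructed sample `php -v` first lines, used so the check runs offline.
SAMPLE_VULNERABLE='PHP 4.3.9 (cli) (built: Sep 30 2004 12:00:00)'
SAMPLE_FIXED='PHP 4.3.10 (cli) (built: Dec 15 2004 12:00:00)'

for out in "$SAMPLE_VULNERABLE" "$SAMPLE_FIXED"; do
    report "$(version_from_php_v "$out")" || :
done

# Then the php on PATH, if there is one.
if command -v php >/dev/null 2>&1; then
    report "$(version_from_php_v "$(php -v 2>/dev/null)")" || :
fi
```

The php binary on PATH is not necessarily the interpreter the web server loads: a module such as mod_php or a CGI binary can be a different build and version. Run the check against the version reported by a script served through the same web server as FogBugz (phpversion() from inside PHP gives the same string), and restart the web server after replacing the module so the old copy is no longer the one in memory.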

For support, please contact Fog Creek Software.