Does the P in LAMP mean "Patch" - and patch often? PHP itself looks more like an acronym for Patch, Hell, Patch!
Quick PHP patch beats slow research reveal
Patches have been flung out to cover vulnerabilities in PHP that led to remote code execution and buffer overflows. The flaws were detailed this week by Swiss researchers High-Tech Bridge, who found them in versions 5.4.33, 5.5.17 and 5.6.1 using the Radamsa fuzzer on a machine running Ubuntu 14.04.1 LTS. A patch issued last month for CVE-2014 …
COMMENTS
Friday 24th October 2014 10:01 GMT Skymonrie
To the downvoters, when I talk about having no single point of failure within software, I mean having a resilient environment.
Specifically addressing the bug in question, with proper input validation/sanitisation, data that could cause this bug would never get into the system to begin with. How often do people store integers larger than 9223372036854775807 (for use in a PHP environment), especially from a serialized source?
On a typical website, if receiving "extreme" data (valid data but unexpected) I'd write details to a log and/or ask the user if they are sure they mean to use such a large value.
Either way, kudos to the PHP team for addressing the issue so quickly
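The kind of pre-unserialize() guard the comment above describes, as an added example (not code from the article, from High-Tech Bridge or from the PHP project, and not a claim about what the patched bug actually required). It scans a serialize()-format payload for integer tokens and refuses the whole payload, logging the offending values, when any of them will not fit a native PHP integer. The function names, the logger and the sample payloads are constructed for this example; it assumes PHP 7 or later for the scalar type hints and the allowed_classes option.

```php
<?php
// Added example: reject serialized integers that overflow a native PHP int
// before unserialize() ever sees them, and log what was rejected.

/**
 * Scan a serialize()-format payload for integer tokens ("i:<digits>;") and
 * return the digit strings that do not fit this build's PHP integer
 * (64-bit: -9223372036854775808 .. 9223372036854775807). Empty array = all fit.
 */
function findOutOfRangeSerializedInts(string $payload): array
{
    $bad = [];
    // i:<signed decimal>; is the only integer token serialize() emits. A token
    // that merely appears inside an s:"..." string body also matches, which
    // only makes the check more conservative, never less.
    if (preg_match_all('/i:(-?\d+);/', $payload, $matches) === false) {
        throw new RuntimeException('regex failure while scanning payload');
    }
    foreach ($matches[1] as $digits) {
        // FILTER_VALIDATE_INT returns false for anything outside
        // PHP_INT_MIN..PHP_INT_MAX instead of wrapping or converting to float.
        if (filter_var($digits, FILTER_VALIDATE_INT) === false) {
            $bad[] = $digits;
        }
    }
    return $bad;
}

/**
 * Unserialize only after the guard passes. On failure, log the details (the
 * "write details to a log" branch of the comment) and return null.
 * $log is any callable taking one string, e.g. a wrapper around error_log().
 */
function safeUnserialize(string $payload, callable $log)
{
    $bad = findOutOfRangeSerializedInts($payload);
    if ($bad !== []) {
        $log('rejected serialized payload with out-of-range integers: '
            . implode(', ', $bad));
        return null;
    }
    // Scalars and arrays only; no object instantiation from untrusted input.
    return unserialize($payload, ['allowed_classes' => false]);
}

// Constructed sample inputs: one ordinary array, one carrying 2^63, which is
// one past the largest 64-bit PHP integer.
$logger = function (string $message): void {
    error_log($message);
};
$accepted = safeUnserialize('a:2:{i:0;i:42;i:1;s:2:"hi";}', $logger);
$rejected = safeUnserialize('a:1:{i:0;i:9223372036854775808;}', $logger);
```

The first call returns the two-element array; the second returns null after the logger receives the rejected digit string. filter_var() with FILTER_VALIDATE_INT also rejects leading zeros (serialize() never emits them), so a crafted "i:007;" is refused as well, which errs on the safe side. On a 32-bit build the same code enforces the 32-bit range, since PHP_INT_MAX shrinks with it.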