[Chameleon] SECURITY ADVISORY: Vulnerabilities in PHP 4.3.x

Daniel Morissette dmorissette at dmsolutions.ca
Fri Dec 17 12:27:41 EST 2004

(Please do not reply to this message. The Chameleon-announce list is 
read-only and subscribers cannot post to it.)

Chameleon users,

Some vulnerabilities have been identified and fixed in PHP 4/5 and the
PHP team has just released PHP 4.3.10 (and 5.0.2) with those fixes. You
can find out more at http://www.php.net/release_4_3_10.php

We are relaying this information to you because Chameleon makes use of
some of the vulnerable functions. Even though we have no evidence that
Chameleon applications might be vulnerable to an exploit, you are
strongly encouraged to upgrade your server installations to PHP 4.3.10.

For MS4W users, a new release of the MS4W package (v1.0.2) with PHP
4.3.10 is also available at

  Daniel Morissette               dmorissette at dmsolutions.ca
  DM Solutions Group              http://www.dmsolutions.ca/

More information about the Chameleon mailing list