Software Update: PHP 4.4.1

Spread the love

The developers of The PHP Group have released a new release of PHP and assigned the version number 4.4.1. They recommend anyone using PHP 4.3 or PHP 4.4 to upgrade. This release fixes a number of bugs and a number of security vulnerabilities related to overwriting the GLOBALS array. The included announcement looks like this:

The PHP Development Team would like to announce the immediate release of PHP 4.4.1. This is a bug fix release, which addresses some security problems too. The security issues that this release fixes are:

  • Fixed a Cross Site Scripting (XSS) vulnerabilities phpinfo() that could lead fe to cookie exposure, when a phpinfo() script is accidentally left on a production server.
  • Fixed multiple safe_mode/open_basedir bypass vulnerabilities in ext/curl and ext/gd that could lead to exposure of files normally not accessible due to safe_mode or open_basedir restrictions.
  • Fixed a possible $GLOBALS overwrite problem in file upload handling, extract() and import_request_variables() that could lead to unexpected security holes in scripts assumed secure. (For more information, see here).
  • Fixed a problem when a request was terminated due to memory_limit constraints during certain parse_str() calls. In some cases this can result in register_globals being turned on.
  • Fixed an issue with trailing slashes in allowed basedirs. They were ignored by open_basedir checks, so that specified basedirs were handled as prefixes and not as full directory names.
  • Fixed an issue with calling virtual() on Apache 2. This allowed bypassing of certain configuration directives like safe_mode or open_basedir.
  • Updated to the latest pcrelib to fix a possible integer overflow vulnerability announced in CAN-2005-2491.

This release also fixes 35 other defects, where the most important is the the fix that removes a notice when passing a by-reference result of a function as a by-reference value to another function. (Bug #33558).


  • Added missing safe_mode checks for image* functions and cURL.
  • Added missing safe_mode/open_basedir checks for file uploads.
  • Fixed a memory corruption bug regarding included files.
  • Fixed possible INI setting leak via virtual() in Apache 2 sapi.
  • Fixed possible crash and/or memory corruption in import_request_variables().
  • Fixed potential GLOBALS overwrite via import_request_variables().
  • Fixed possible GLOBALS variable override when register_globals are ON.
  • Fixed possible register_globals toggle via parse_str().
  • Added “new_link” parameter to mssql_connect(). Bug #34369.
  • Fixed bug #34850 (–program-suffix and –program-prefix not included in man page names).
  • Fixed bug #34790 (preg_match_all(), named capturing groups, variable assignment/return => crash).
  • Fixed bug #34742 (ftp wrapper failures caused from segmented command transfer).
  • Fixed bug #34704 (Infinite recursion due to corrupt JPEG).
  • Fixed bug #34645 (ctype corrupts memory when validating large numbers).
  • Fixed bug #34565 (mb_send_mail does not fetch mail.force_extra_parameters).
  • Fixed bug #34557 (php -m exits with “error” 1).
  • Fixed bug #34456 (Possible crash inside pspell extension).
  • Fixed bug #34311 (unserialize() crashes with chars above Dec 191).
  • Fixed bug #34307 (on_modify handler not called to set the default value if setting from php.ini was invalid).
  • Fixed bug #34302 (date(‘W’) do not return leading zeros for week 1 to 9).
  • Fixed bug #34277 (array_filter() crashes with references and objects).
  • Fixed bug #34191 (ob_gzhandler does not enforce trailing \0).
  • Fixed bug #34156 (memory usage remains elevated after memory limit is reached).
  • Fixed bug #34148 (+,- and . not supported as parts of scheme).
  • Fixed bug #34137 (assigning array element by reference causes binary mess).
  • Fixed bug #34068 (Numeric string as array key not cast to integer in wddx_deserialize()).
  • Fixed bug #34064 (arr[] as param to function is allowed only if function receives argument by reference).
  • Fixed bug #33989 (extract($GLOBALS,EXTR_REFS) crashes PHP).
  • Fixed bug #33987 (php script as ErrorDocument causes crash in Apache 2).
  • Fixed bug #33940 (array_map() fails to pass by reference when called recursively).
  • Fixed bug #33690 (Crash setting some ini directives in httpd.conf).
  • Fixed bug #33673 (Added detection for partially uploaded files).
  • Fixed bug #33648 (Using –with-regex=system causes compile failure).
  • Fixed bug #33558 (Warning with nested calls to functions returning by reference).
  • Fixed bug #33383 (crash when retrieving empty LOBs).
  • Fixed bug #33156 (cygwin version of settimer doesn’t accept ITIMER_PROF).
  • Fixed bug #32937 (open_basedir looses trailing / in the limiter).
  • Fixed bug #32589 (possible crash inside imap_mail_compose() function).
  • Fixed bug #32179 (xmlrpc_encode() segfaults with recursive references).
  • Fixed bug #32160 (copying a file into itself leads to data loss).
  • Fixed bug #31158 (array_splice on $GLOBALS crashes).
  • Fixed bug #29983 (PHP does not explicitly set mime type & charset).
  • Fixed bug #29253 (array_diff with $GLOBALS argument fails).
  • Fixed bug #21306 (ext/sesssion: catch bailouts of write handler during RSHUTDOWN).

[break]The following downloads are ready:
Source bz2
Source tarball
Windows installer
Windows Zipped

Version number 4.4.1
Operating systems Windows 9x, Windows NT, Windows 2000, Linux, BSD, Windows XP, macOS, OS/2, Solaris, UNIX, Windows Server 2003
Website The PHP Group
License type Prerequisites (GNU/BSD/etc.)
You might also like