PHP 5.2.11°æ±¾ÐÞ¸´¶à¸ö°²È«Â©¶´

ÊÜÓ°Ïìϵͳ£º
PHP PHP 5.2.x
²»ÊÜÓ°Ïìϵͳ£º
PHP PHP 5.2.11
ÃèÊö£º
BUGTRAQ  ID: 36449
CVE ID: CVE-2009-3291,CVE-2009-3292,CVE-2009-3293,CVE-2009-3294
PHPÊǹ㷺ʹÓõÄͨÓÃÄ¿µÄ½Å±¾ÓïÑÔ£¬ÌرðÊʺÏÓÚWeb¿ª·¢£¬¿ÉǶÈëµ½HTMLÖС£
PHPµÄ5.2.11֮ǰ°æ±¾µÄ¶à¸öº¯ÊýÖдæÔÚ°²È«Â©¶´£¬¿ÉÄÜÔÊÐíÔ¶³Ì¹¥»÷Õßµ¼Ö¾ܾø·þÎñ»òÍêÈ«ÈëÇÖÓû§ÏµÍ³¡£
1) PHPµÄphp_openssl_apply_verification_policyº¯ÊýûÓÐÕýÈ·µÄÖ´ÐÐÖ¤ÊéÑéÖ¤£¬¿ÉÄÜÔÊÐí¹¥»÷Õßͨ¹ýαÔìµÄÖ¤ÊéÖ´ÐÐÆÛÆ­¹¥»÷¡£
2) imagecolortransparentº¯ÊýûÓÐÕýÈ·µÄ¶ÔÑÕÉ«Ë÷ÒýÖ´ÐйýÂ˼ì²é¡£
3) µ±ÔËÐÐÔÚijЩWindows²Ù×÷ϵͳÉÏʱ£¬TSRM/tsrm_win32.cÎļþÖеÄpopen APIº¯ÊýÔÊÐí¹¥»÷Õßͨ¹ýµÚ¶þ¸ö²ÎÊýÖеÄÌØÖÆe»òer×Ö·û´®µ¼Ö¾ܾø·þÎñ¡£
<*À´Ô´£ºRyan Sleevi
  
  Á´½Ó£ºhttp://secunia.com/advisories/36791
        http://bugs.php.net/bug.php?id=44683
*>
²âÊÔ·½·¨£º
¾¯ ¸æ
ÒÔϳÌÐò(·½·¨)¿ÉÄÜ´øÓй¥»÷ÐÔ£¬½ö¹©°²È«Ñо¿Óë½Ìѧ֮Óá£Ê¹ÓÃÕß·çÏÕ×Ô¸º£¡
<?php
$t1 = popen("echo hello", "e");
pclose($t1);
$t2 = popen("echo hello", "re");
pclose($t2);
$t3 = popen("echo hello", "er");
pclose($t3);
?>