- It was discovered that the fix for CVE-2011-4885 (released via RHSA-2012:0071, RHSA-2012:0033, and RHSA-2012:0019 for php packages in Red Hat Enterprise Linux 4, 5, and 6 respectively) introduced an uninitialized memory use flaw. A remote attacker could send a specially-crafted HTTP request to cause the PHP interpreter to crash or, possibly, execute arbitrary code.
- PNG files in certain formats, which were loaded with the "gd" extension, were displayed incorrectly. This update adds support for such files and the files are now loaded correctly.
- Connecting to an Internet Message Access Protocol (IMAP) service could fail with the following error message:PHP Warning: imap_open(): Couldn't open streamThis happened if the server advertised support for Kerberos authentication, but the client was not configured to use Kerberos. This update adds the DISABLE_AUTHENTICATOR option for the imap_open() function, which allows to disable a specific authentication method.
- A PHP script that is using the ODBC interfaces could enter a deadlock if the maximum execution time period expires while it is executing an SQL statement. This occurs because the execution timer uses a signal and the invoked ODBC functions are not reentrant. This update modifies the underlying code so the deadlock is less likely to occur.
- Previously, the PHP mktime() function and some daytime functions were limited to 32-bit time stamps on 64-bit platforms due to a build configuration error. This update fixes the error and allows the use of 64-bit time stamps on 64-bit platforms.
- If a prepared statement was unset when using PostgreSQL through the PHP Data Objects (PDO) interface, the current transaction was aborted. This caused subsequent SQL queries in the transaction to fail. With this update, the prepared statement is unset correctly and subsequent queries work as expected.
- If a negative array index value was sent to the var_export() function, the function returned an unsigned index ID. With this update, the function has been modified to process negative array index values correctly.
- The php package description has been improved.