========= Zend Server 5.1.0 PHP Hotfix Release Notes ========

=============================
1. General Notes
=============================

This package is a hotfix for the PHP security vulnerabilities fixed in the PHP 5.3.6 release.
The hotfix applies to Zend Server 5.1 and fixes the reported vulnerabilities in the
PHP 5.3.5 and PHP 5.2.17 builds included in Zend Server 5.1.

=============================
2. What's New In This Hotfix
=============================

Security fixes backported to PHP 5.3.5
- Fixed format-string vulnerability in Phar. (CVE-2011-1153, bug #54247)
- Fixed integer overflow in shmop_read(). (CVE-2011-1092, bug #54193)
- Fixed buffer overrun with high values for precision ini setting. (bug #54055)
- Fixed ZipArchive segfault with FL_UNCHANGED on empty archive. (CVE-2011-0421, bug #53885)
- Fixed crash on crafted tag in exif. (CVE-2011-0708, bug #54002) -- for Linux only

Security fixes backported to PHP 5.2.17
- Fixed ZipArchive segfault with FL_UNCHANGED on empty archive. (CVE-2011-0421, bug #53885)
- Fixed crash on crafted tag in exif. (CVE-2011-0708, bug #54002) -- for Linux only

=============================
3. Support and Feedback
=============================

* For any questions about this hotfix, please contact Zend Support at http://www.zend.com/en/support-center/

- - - -
Zend Technologies, Inc.
www.zend.com
Copyright 2011 Zend Technologies, Inc. All Rights Reserved