I run the default Apache (2.2.22) and PHP (5.2.17) installation, installed using EasyApache through cPanel/WHM.
Secunia dot com released several security vulnerability notifications today that affect PHP 5.3x and 5.4x (and presumably 5.2x as well, but I could be wrong).
Some of these vulnerabilities were reported today and others about a month ago. Have they already been backported to PHP 5.2.17 by the cPanel team when installed using EasyApache? If not, will they? Or is the only choice to upgrade to the latest version of PHP 5.3x or 5.4x to be protected against these latest vulnerabilities?
We run many websites and unfortunately trying to get the web developers to update their code to work with PHP 5.3x and newer is a PITA. I'd still like to run PHP 5.2x but not if it's going to lead to the server getting rooted through arbitrary code execution vulnerabilities in PHP 5.2x.
Any info or tips are greatly appreciated.
secunia dot com/advisories/49731/ (CVEs listed here)
secunia dot com/advisories/49014/ (CVEs listed here)