11-01-2005 | vulnerabilities are reported to affect PHP versions 4.4.0 and prior

[Nugen]

There is a new set of serious security exploits found in PHP. Currently we can only compile 4.4.0. When will 4.4.1 be available via WHM?


INFO:
=======================
http://secunia.com/advisories/16502
http://www.php.net/release_4_4_1.php
http://www.hardened-php.net/advisories.15.html
=======================

Shout goes out over PHP security bugs
http://www.theregister.co.uk/2005/11...security_vuln/
=======================
Security researchers have identified numerous new vulnerabilities in PHP - the popular, open source web development environment. The critical security flaws create a possible means for hackers to conduct cross-site scripting attacks, bypass certain security restrictions or even (at least potentially) compromise a vulnerable system.

The vulnerabilities are reported to affect PHP versions 4.4.0 and prior. Users are advised to update to version 4.4.1 (release notes here). Most of this batch of PHP security vulnerabilities (summary) were discovered by Stefan Esser, of the Hardened-PHP Project, which has published a series of advisories here.

The security bugs described by the Hardened-PHP Project are yet to be developed into s'kiddie friendly exploits. But the past appearance of PHP-targeting worms, and the damage they caused, really ought to prompt the rapid deployment of security updates.

[chirpy]

v4.4.1 is available in WHM.

[fred123123]

is there any known problem about updating from 4.3.11 to 4.4.1... ? Can it break scripts of my users ?

[chirpy]

It shouldn't cause problems, but the php developers are notorious in failing to make the app backwards compatible.