  1. #1
    cPanel Partner NOC cPanel Partner NOC Badge
    Join Date
    May 2003
    Location
    Ukraine
    Posts
    195
    cPanel/Enkompass Access Level

    Root Administrator

    PHP 4.4.1 has been released

    PHP 4.4.1 is now available for download [1]. This version is a maintenance release, that contains numerous bug fixes, including a number of security fixes related to the overwriting of the GLOBALS array. All users of PHP 4.3 and 4.4 are encouraged to upgrade to this version.


    Wondering - when it will be in easyapache?
    Regards, Alexey

  2. #2
    Member
    Join Date
    May 2002
    Posts
    119

    TITLE:
    PHP Multiple Vulnerabilities

    SECUNIA ADVISORY ID:
    SA17371

    VERIFY ADVISORY:
    http://secunia.com/advisories/17371/

    CRITICAL:
    Moderately critical

    IMPACT:
    Security Bypass, Cross Site Scripting, DoS, System access

    WHERE:
    From remote

    SOFTWARE:
    PHP 4.0.x
    http://secunia.com/product/1655/
    PHP 4.1.x
    http://secunia.com/product/1654/
    PHP 4.2.x
    http://secunia.com/product/105/
    PHP 4.3.x
    http://secunia.com/product/922/
    PHP 4.4.x
    http://secunia.com/product/5768/
    PHP 5.0.x
    http://secunia.com/product/3919/

    DESCRIPTION:
    Some vulnerabilities have been reported in PHP, which can be
    exploited by malicious people to conduct cross-site scripting
    attacks, bypass certain security restrictions, and potentially
    compromise a vulnerable system.

    1) An error where the "GLOBALS" array is not properly protected, can
    be exploited to define global variables by sending a
    "multipart/form-data" POST request with a specially crafted file
    upload field, or via a script calling the PHP function "extract()" or
    "import_request_variables()".

    Successful exploitation may open up for vulnerabilities in various
    applications, but requires that "register_globals" is enabled.

    The vulnerability has been reported in versions 4.4.0 and 5.0.5, and
    prior.

    2) An error in the handling of an unexpected termination in the
    "parse_str()" PHP function, can be exploited to enable the
    "register_globals" directive for the current execution by e.g.
    triggering a memory_limit request shutdown in a script calling
    "parse_str()".

    The vulnerability has been reported in versions 4.4.0 and 5.0.5, and
    prior.

    3) Some unspecified input passed to the "phpinfo()" PHP function
    isn't properly sanitised before being returned to the user. This can
    be exploited via a script calling "phpinfo()" to execute arbitrary
    HTML and script code in a user's browser session in context of an
    affected site.

    The vulnerability has been reported in versions 4.4.0 and 5.0.5, and
    prior.

    4) An integer overflow error in pcrelib may be exploited to cause a
    memory corruption via a script calling a PHP function using the PCRE
    library where the regular expression can be controlled by the
    attacker.

    For more information:
    SA16502

    Successful exploitation may allow execution of arbitrary code.

    5) The problem is that it is possible to bypass the "safe_mode" and
    "open_basedir" protection mechanisms via the "ext/curl" and "ext/gd"
    modules.

    6) An unspecified error in calling "virtual()" on Apache 2 can be
    exploited to bypass certain configuration directives (e.g.
    "safe_mode" and "open_basedir").

    Other bugs have also been reported where some may be security
    related.

    SOLUTION:
    Update to version 4.4.1.
    http://www.php.net/downloads.php
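
A triage check for the advisory quoted in post #2, as an added example that is not part of the original thread or of the advisory: it classifies a PHP version against the ranges the advisory reports and reads `register_globals` from php.ini text. The function names, verdict strings and sample php.ini are constructed for illustration, and the check reads only the file it is given, not per-directory overrides.

```shell
#!/bin/sh
# Added example for SA17371; function names and verdicts are this example's own.

# Print affected, not-listed or unknown for a version string such as 4.4.0.
# Ranges follow the advisory text: "4.4.0 and 5.0.5, and prior".
php_version_status() {
    case $1 in *.*.*) ;; *) echo unknown; return ;; esac
    maj=${1%%.*}; rest=${1#*.}
    min=${rest%%.*}; pat=${rest#*.}
    pat=${pat%%[!0-9]*}          # drop suffixes such as "-dev" or "RC1"
    for part in "$maj" "$min" "$pat"; do
        case $part in ''|*[!0-9]*) echo unknown; return ;; esac
    done
    n=$(( $maj * 10000 + $min * 100 + $pat ))
    if   [ "$maj" -eq 4 ] && [ "$n" -le 40400 ]; then echo affected
    elif [ "$maj" -eq 5 ] && [ "$n" -le 50005 ]; then echo affected
    else echo not-listed
    fi
}

# Print on, off or unset for register_globals in the php.ini text on stdin.
# Assumption: the last uncommented assignment is the effective one.
register_globals_state() {
    awk -F= '
        /^[ \t]*;/ { next }
        tolower($1) ~ /^[ \t]*register_globals[ \t]*$/ {
            v = tolower($2); sub(/;.*/, "", v); gsub(/[ \t"\r]/, "", v)
            state = (v == "on" || v == "1" || v == "true" || v == "yes") ? "on" : "off"
        }
        END { print (state == "" ? "unset" : state) }'
}

# triage VERSION INI_FILE. An affected version needs the upgrade even with
# register_globals off: item 2 describes enabling the directive at run time.
triage() {
    vs=$(php_version_status "$1")
    rg=$(register_globals_state < "$2")
    case $vs/$rg in
        affected/on) echo "EXPOSED register_globals=on" ;;
        affected/*)  echo "UPGRADE register_globals=$rg" ;;
        unknown/*)   echo "UNKNOWN register_globals=$rg" ;;
        *)           echo "NOT-LISTED register_globals=$rg" ;;
    esac
}

# Constructed sample php.ini, not taken from any real host.
sample_ini=$(mktemp)
printf '%s\n' '; register_globals = Off' 'register_globals = On' > "$sample_ini"
triage 4.4.0 "$sample_ini"; triage 4.4.1 "$sample_ini"; rm -f "$sample_ini"
```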

  4. #4
    Member
    Join Date
    May 2004
    Posts
    164

    How do I update ?

    Thanks

  5. #5
    Member
    Join Date
    Jan 2005
    Posts
    159

    with easy apache but you must wait for the zend optimizer which will work with php 4.4.1

  6. #6
    Member
    Join Date
    Sep 2003
    Posts
    147

    Originally posted by dropby23:
        with easy apache but you must wait for the zend optimizer which will work with php 4.4.1

    Edit /scripts/installzendopt and change
    http://downloads.zend.com/optimizer/...imizer-2.5.10-..
    to
    http://downloads.zend.com/optimizer/...timizer-2.5.10a-..

  7. #7
    cPanel Partner NOC cPanel Partner NOC Badge
    Join Date
    May 2003
    Location
    Ukraine
    Posts
    195
    cPanel/Enkompass Access Level

    Root Administrator

    I'm there.
    +1.
    Regards, Alexey

  8. #8
    Member
    Join Date
    May 2004
    Posts
    164

    Originally posted by dropby23:
        with easy apache but you must wait for the zend optimizer which will work with php 4.4.1

    I didn't use /scripts/easyapache include php 4.4.1 ?

  9. #9
    Member
    Join Date
    Jan 2005
    Posts
    159

    It will include it soon, but as I said before you must reinstall the Zend which includes your PHP version.

  10. #10
    Member
    Join Date
    Jul 2003
    Posts
    111

    I see PHP 4.4.1 is now available... via '/scripts/easyapache' and WHM, has any one upgraded to 4.4.1 yet?

  11. #11
    Member
    Join Date
    Jul 2003
    Location
    Plymouth, UK
    Posts
    31

    I have just upgraded via WHM and have had no problems so far, also updated Zend with the info from Rubas (thanks Rubas).

  12. #12
    Registered User
    Join Date
    Feb 2005
    Posts
    3

    Hi

    Can the update be done via Update Apache in WHM?
    I see 4.4.1 in there but am concerned about the above comments re: Zend.

    Thanks

  13. #13
    Member
    Join Date
    Jan 2005
    Posts
    159

    This will work with this if you are using Linux:
    http://downloads.zend.com/optimizer/...21-i386.tar.gz

  14. #14
    Registered User
    Join Date
    Feb 2005
    Posts
    3

    Thanks dropby23

    What am I meant to do with it though? Do I run the install script from the archive or put it somewhere then run apache update?

    Sorry for the numpty questions, I'm not used to doing stuff from within WHM.

  15. #15
    Member
    Join Date
    Jan 2005
    Posts
    65

    just run /scripts/installzendopt once you make the changes and do this after you install php 4.4.1
