11-01-2005 | vulnerabilities are reported to affect PHP versions 4.4.0 and prior

Nugen

Registered
Nov 1, 2005
3
0
151
There is a new set of serious security exploits found in PHP. Currently we can only compile 4.4.0. When will 4.4.1 be available via WHM?


INFO:
=======================
http://secunia.com/advisories/16502
http://www.php.net/release_4_4_1.php
http://www.hardened-php.net/advisories.15.html
=======================

Shout goes out over PHP security bugs
http://www.theregister.co.uk/2005/11/01/php_security_vuln/
=======================
Security researchers have identified numerous new vulnerabilities in PHP - the popular, open source web development environment. The critical security flaws create a possible means for hackers to conduct cross-site scripting attacks, bypass certain security restrictions or even (at least potentially) compromise a vulnerable system.

The vulnerabilities are reported to affect PHP versions 4.4.0 and prior. Users are advised to update to version 4.4.1 (release notes here). Most of this batch of PHP security vulnerabilities (summary) were discovered by Stefan Esser, of the Hardened-PHP Project, which has published a series of advisories here.

The security bugs described by the Hardened-PHP Project are yet to be developed into s'kiddie friendly exploits. But the past appearance of PHP-targeting worms, and the damage they caused, really ought to prompt the rapid deployment of security updates.
 

fred123123

Well-Known Member
Jul 23, 2005
74
0
156
is there any known problem about updating from 4.3.11 to 4.4.1... ? Can it break scripts of my users ?
 

chirpy

Well-Known Member
Verifed Vendor
Jun 15, 2002
13,441
31
473
Go on, have a guess
It shouldn't cause problems, but the php developers are notorious in failing to make the app backwards compatible.