I'm wondering... PHP 5.2.5 is fairly old considering, does cPanel release updates to this version of PHP (i.e. is it patched against CVE-2008-0599, CVE-2008-2051, CVE-2008-2108 etc...) and is it "secure"?
Mike K.
PHP 5.2.5 is indeed a bit old and you would do well to upgrade ... However, PHP is not automatically updated with cPanel updates but is available to you when you rebuild (and upgrade) your Apache server.

You have your choice of 3 ways to upgrade your PHP ...

1. Use "EasyApache" in WHM to upgrade both Apache and PHP
2. In SSH, run /scripts/easyapache
3. Manually compile PHP

Code:
# php -i | grep "configure"
(take a note of the options shown as you'll need those again)
# cd /usr/local/src
# wget -N http://www.php.net/get/php-5.2.11.tar.bz2/from/this/mirror
# tar jxvf ./php-5.2.11.tar.bz2
# cd ./php-5.2.11
# ./configure (!!!! PUT YOUR PREVIOUS OPTIONS HERE !!!!)
# make
# make check
# make install

The first 2 options above are both menu driven! Any of the above will get you upgraded!

Regarding your security questions, getting you moved up from 5.2.5 to 5.2.11 will help greatly but I would also recommend switching to SuPHP if you are not already using it for your PHP type and also installing the "Suhosin" extension which will help with some types of code exploits.

--Spiral
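The "take a note of the options shown" step of the manual compile above can be scripted. This is an added example, not part of the original post or of cPanel's tooling: it parses `php -i` output for the installed version and the previous `./configure` options. The sample output and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `php -i` output (not taken from a real server).
SAMPLE_PHP_INFO="phpinfo()
PHP Version => 5.2.5

System => Linux host.example.com 2.6.18 #1 SMP x86_64
Configure Command =>  './configure'  '--prefix=/usr/local' '--with-apxs2=/usr/local/apache/bin/apxs' '--with-mysql=/usr' '--enable-mbstring'
Server API => Command Line Interface"

# Print the first "PHP Version" value found in the php -i text passed as $1.
php_version() {
    printf '%s\n' "$1" | sed -n 's/^PHP Version => *//p' | head -n 1
}

# Print the previous configure options, one per line. Splitting on the single
# quotes keeps options that contain spaces intact; './configure' is dropped.
configure_options() {
    printf '%s\n' "$1" | awk -F"'" '
        /^Configure Command =>/ {
            for (i = 2; i <= NF; i += 2)
                if ($i != "./configure") print $i
        }'
}

# Succeed when x.y.z version $1 is strictly older than $2 (numeric per field,
# so 5.2.5 sorts before 5.2.11).
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" |
         sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)" = "$1" ]
}

info=$SAMPLE_PHP_INFO     # on a server: info=$(php -i)
target=5.2.11             # the version named in this thread
current=$(php_version "$info")
if version_lt "$current" "$target"; then
    echo "PHP $current is older than $target; rebuild with:"
    printf './configure'
    configure_options "$info" | while IFS= read -r opt; do
        printf " '%s'" "$opt"
    done
    echo
fi
```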
At the time of writing the latest PHP version included in EasyApache is PHP 5.2.11. Regarding the specified CVE reports I did not see where they would affect version 5.2.11 and it appeared the CVE IDs listed are for PHP version 5.2.5 or older. As with any PHP version there may be a level of risk, but using available security features (e.g., mod_security, SuPHP, Suhosin) and keeping as up-to-date as possible should help to mitigate the risk involved.

I would consider using EasyApache to update both Apache and PHP. Here is the menu path to run EasyApache via root access to WHM:

WHM: Main >> Software >> EasyApache (Apache Update)

Here is the command to run EasyApache via root SSH access:

Code:
# /scripts/easyapache

Related Documentation: EasyApache (Apache Update), Apache & cPanel/WHM
Just so you will feel better: there is no such thing as a secure PHP version, only versions where known holes have been plugged. In that case you need to update.