The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

php 4.3.2 upgrades

Discussion in 'General Discussion' started by kris1351, Jul 4, 2003.

  1. kris1351

    kris1351 Well-Known Member

    Joined:
    Apr 18, 2003
    Messages:
    963
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Lewisville, Tx
    Are there still problems with upgrading to this version of php? There is a pretty big security hole in 4.3.1 and it would be great if we could go ahead in versions.

    cPanel.net Support Ticket Number:
     
  2. ciphervendor

    ciphervendor Well-Known Member

    Joined:
    Aug 26, 2002
    Messages:
    1,052
    Likes Received:
    0
    Trophy Points:
    36
    I haven't seen any issues across a fleet of machines.

    cPanel.net Support Ticket Number:
     
  3. MikeMc

    MikeMc Well-Known Member

    Joined:
    May 8, 2002
    Messages:
    161
    Likes Received:
    0
    Trophy Points:
    16
    Any infos or link for the security hole you're talking about. Thank you. I have searched but I haven't found somewhere mentioning a big security hole for php 4.3.1

    cPanel.net Support Ticket Number:
     
  4. ciphervendor

    ciphervendor Well-Known Member

    Joined:
    Aug 26, 2002
    Messages:
    1,052
    Likes Received:
    0
    Trophy Points:
    36
    4.3.1 was actually a security release because of issues in 4.3.0. No massive security issues in 4.3.1.

    cPanel.net Support Ticket Number:
     
  5. Steve-PWH

    Steve-PWH Well-Known Member

    Joined:
    Jun 30, 2002
    Messages:
    116
    Likes Received:
    0
    Trophy Points:
    16
    4.3.2 is a bug fix update only

    4.3.0 is the one that had the whole in (patched 4.3.1)

    If u what 4.3.2 in CP then deselect (downgrade to 4.3.1) in easyapache

    cPanel.net Support Ticket Number:
     
  6. kris1351

    kris1351 Well-Known Member

    Joined:
    Apr 18, 2003
    Messages:
    963
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Lewisville, Tx
    http://www.securityfocus.com/bid/7761/info/

    A cross-site scripting vulnerability has been discovered in PHP. The problem occurs due to insufficient sanitization of the PHPSESSID URI parameter. An attacker may be capable of exploiting this vulnerability by constructing a malicious link containing script code embedded within this variable.

    Successful exploitation of this issue would allow an attacker to execute arbitrary script code in a victim's browser within the context of the visited website. This may allow for the theft of sensitive information or other attacks.

    We upgraded to 4.3.2 today just to be sure.

    cPanel.net Support Ticket Number:
     
  7. Pda0

    Pda0 Well-Known Member

    Joined:
    Jun 13, 2003
    Messages:
    70
    Likes Received:
    0
    Trophy Points:
    6
    4.3.2 isnt phpsuexec - compatible im afraid.

    .pd

    cPanel.net Support Ticket Number:
     
  8. dysk

    dysk Well-Known Member

    Joined:
    Apr 22, 2003
    Messages:
    52
    Likes Received:
    0
    Trophy Points:
    6
    Hi-
    I upgraded to php 4.3.2 with no issues.

    Regards,
    Erek Dyskant
    Unix Consultant

    cPanel.net Support Ticket Number:
     
  9. JustinK

    JustinK Well-Known Member

    Joined:
    Sep 4, 2001
    Messages:
    251
    Likes Received:
    0
    Trophy Points:
    16
    Where did you happen to get that info from?

    cPanel.net Support Ticket Number:
     
  10. Pda0

    Pda0 Well-Known Member

    Joined:
    Jun 13, 2003
    Messages:
    70
    Likes Received:
    0
    Trophy Points:
    6
Loading...

Share This Page