The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

PHP 4.4.5 Released

Discussion in 'General Discussion' started by pjman, Feb 15, 2007.

  1. pjman

    pjman Well-Known Member

    Joined:
    Mar 22, 2003
    Messages:
    101
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    New York
    Any idea when 4.4.5 will be available in easyAPache?

    Security Enhancements and Fixes in PHP 5.2.1 and PHP 4.4.5:

    Fixed possible safe_mode & open_basedir bypasses inside the session extension.
    Fixed unserialize() abuse on 64 bit systems with certain input strings.
    Fixed possible overflows and stack corruptions in the session extension.
    Fixed an underflow inside the internal sapi_header_op() function.
    Fixed non-validated resource destruction inside the shmop extension.
    Fixed a possible overflow in the str_replace() function.
    Fixed possible clobbering of super-globals in several code paths.
    Fixed a possible information disclosure inside the wddx extension.
    Fixed a possible string format vulnerability in *print() functions on 64 bit systems.
    Fixed a possible buffer overflow inside ibase_{delete,add,modify}_user() functions.
    Fixed a string format vulnerability inside the odbc_result_all() function.

    Security Enhancements and Fixes in PHP 4.4.5 only:

    Fixed possible overflows inside zip & imap extensions.
    Fixed a possible buffer overflow inside mail() function on Windows.
    Unbundled the ovrimos extension.

    The majority of the security vulnerabilities discovered and resolved can in most cases be only abused by local users and cannot be triggered remotely. However, some of the above issues can be triggered remotely in certain situations, or exploited by malicious local users on shared hosting setups utilizing PHP as an Apache module. Therefore, we strongly advise all users of PHP, regardless of the version to upgrade to the 5.2.1 or 4.4.5 releases as soon as possible.
     
  2. Kelmas

    Kelmas Well-Known Member

    Joined:
    Nov 6, 2006
    Messages:
    121
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Lithuania
    Yeah, I am curious too :)
     
  3. tripper

    tripper Member

    Joined:
    Feb 11, 2007
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    N.W. Iowa
    PHP 4.4.5 is available now in the WHM/Apache Update.

    Mickalo
     
  4. easyhoster1

    easyhoster1 Well-Known Member

    Joined:
    Sep 25, 2003
    Messages:
    659
    Likes Received:
    0
    Trophy Points:
    16
    Just a FYI. The 4.4.5 version broke all our osCommerce carts except the admin section and logs came up with a segmentation fault. Switched back to 4.4.4 fixed the carts.
     
  5. Jones

    Jones Well-Known Member

    Joined:
    Jul 10, 2004
    Messages:
    47
    Likes Received:
    0
    Trophy Points:
    6
    Yes, same with our clients.
     
  6. arhs

    arhs Well-Known Member

    Joined:
    Jul 4, 2003
    Messages:
    116
    Likes Received:
    0
    Trophy Points:
    16
    Same here, had to downgrade back to PHP 4.4.4.
     
  7. WireNine

    WireNine Well-Known Member

    Joined:
    Aug 14, 2006
    Messages:
    197
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    Is that cpanel's fault or the script's fault or php's fault?
     
  8. Kelmas

    Kelmas Well-Known Member

    Joined:
    Nov 6, 2006
    Messages:
    121
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Lithuania
    Updated to 4.4.5 :) Seems like custom CMS and vBulletin runs without any problems.
     
  9. fleksi

    fleksi Well-Known Member

    Joined:
    Sep 17, 2003
    Messages:
    125
    Likes Received:
    0
    Trophy Points:
    16
    See http://bugs.php.net/bug.php?id=40514

    -Fl-
     
  10. JamesSmith

    JamesSmith Well-Known Member

    Joined:
    Sep 17, 2003
    Messages:
    185
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    UK, Luton
    Typical PHP. They release something half baked.
     
  11. ttk_2k

    ttk_2k Well-Known Member

    Joined:
    Jan 22, 2005
    Messages:
    45
    Likes Received:
    0
    Trophy Points:
    6
    They said "fixed in CVS"...

    Is that meaning we will have to wait untill their next release?
     
  12. JamesSmith

    JamesSmith Well-Known Member

    Joined:
    Sep 17, 2003
    Messages:
    185
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    UK, Luton
    You can either run the CVS version (I wouldn't advise this on a production server) or wait until they release an update that addresses the problem.
     
  13. ttk_2k

    ttk_2k Well-Known Member

    Joined:
    Jan 22, 2005
    Messages:
    45
    Likes Received:
    0
    Trophy Points:
    6
    Thank you, as far as I understand, the CPanel daily auto-update won't automatically upgrade PHP to the latest version, will she??
     
  14. Rooter

    Rooter Well-Known Member

    Joined:
    Apr 23, 2003
    Messages:
    146
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Houston, Texas, U.S.A.
    cPanel Access Level:
    Root Administrator
    The automatic updates in cPanel (via the scheduled upcp script) will not automatically upgrade PHP; that normally requires manual intervention.
     
  15. arhs

    arhs Well-Known Member

    Joined:
    Jul 4, 2003
    Messages:
    116
    Likes Received:
    0
    Trophy Points:
    16
    No, you will need to recompile apache using WHM or /scripts/easyapache
     
  16. ttk_2k

    ttk_2k Well-Known Member

    Joined:
    Jan 22, 2005
    Messages:
    45
    Likes Received:
    0
    Trophy Points:
    6
    Thank you.

    I'll wait untill they kick out the next stable update.
     
  17. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    The PHP developers have proven time and again that they're a bunch of cowboys. It could be months before they bother to release a new version for what they've broken. The v4.4.5 release that was meant to address security concerns took months to appear after they were reported to them. They seem to like leaving things to fester in CVS - maybe they'll preve me wrong (not holding breath).

    That's my rant over ;)
     
  18. qwerty

    qwerty Well-Known Member

    Joined:
    Jan 21, 2003
    Messages:
    213
    Likes Received:
    0
    Trophy Points:
    16
    this is friggin insane ! we need to upgrade php for security reasons but can't do so as it will break literally hundreds of oscommerce installs

    waiting for 4.4.6 is out of question too as it could and probably will take months before released. if anyone find a quicker solution please post it here !!
     
  19. shopcentar

    shopcentar Well-Known Member
    PartnerNOC

    Joined:
    Jul 10, 2004
    Messages:
    55
    Likes Received:
    1
    Trophy Points:
    8
    Hello,

    its true, but not only php 4.4.5 have problems, we have tested 5.2.1 and Oscommerce working fine on php 5.2.1 but we have some sites that not working

    I now that http://phpwebsite.appstate.edu/ project dont work on 5.2.1
    (maybe my Client have old version but when we make back to 5.2.0 all is fine.


    so, for now is also better to stay on 5.2.0

    bye, Sasa
     
  20. ttk_2k

    ttk_2k Well-Known Member

    Joined:
    Jan 22, 2005
    Messages:
    45
    Likes Received:
    0
    Trophy Points:
    6
    I finally did an upgrade yesterday night, since I thought I don't have any oscommerce system running on my box and I won't install it, now seems everything is fine.

    What I have on my box are wordpress, vbulletin and a guestbook, they seem to work fine with the latest 4.4.5.

    Best luck
     
Loading...

Share This Page