The Community Forums


PHP 4.4.7 Released ???

Discussion in 'General Discussion' started by pjman, May 4, 2007.

  1. pjman

    pjman Well-Known Member

    After the 4.4.5 debacle, are you going to rush to upgrade? It's not in easy apache yet, but when it is, please post if you have any trouble upgrading.


    PHP 4.4.7 Release Announcement

    The PHP development team would like to announce the immediate availability of PHP 4.4.7.

    This release continues to improve the security and the stability of the 4.4 branch and all users are strongly encouraged to upgrade to it as soon as possible.

    Security Enhancements and Fixes in PHP 4.4.7:

    Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric)
    Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser)
    Fixed a bug in mb_parse_str() that can be used to activate register_globals (MOPB-26 by Stefan Esser)
    Fixed unallocated memory access/double free in array_user_key_compare() (MOPB-24 by Stefan Esser)
    Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser)
    Added missing open_basedir & safe_mode checks to zip:// and bzip:// wrappers. (MOPB-21 by Stefan Esser).
    Limit nesting level of input variables with max_input_nesting_level as fix for (MOPB-03 by Stefan Esser)
    XSS in phpinfo() (MOPB-8 by Stefan Esser)
    Fixed CRLF injection inside ftp_putcmd(). (by loveshell[at]Bug.Center.Team)
    Fixed a possible super-global overwrite inside import_request_variables(). (by Stefano Di Paola, Stefan Esser)
    Fixed a remotely trigger-able buffer overflow inside bundled libxmlrpc library. (by Stanislav Malyshev)
    While the majority of the issues outlined above are local, a few issues such as the XML-RPC overflows can be triggered remotely and therefore should be considered critical. If you use the XML-RPC extension, consider upgrading as soon as possible.

    Other improvements of PHP 4.4.7 include:

    About 10 bug fixes.
     
  2. IRCBrasil

    IRCBrasil Well-Known Member

    I would like to know too. Does anyone know if there is a Bugzilla entry to vote on?
     
  3. rachweb

    rachweb Well-Known Member

  4. pjman

    pjman Well-Known Member

    Dan's Comments

    "4.4.7 can wait until the "STABLE" even number release since it's just another
    "fix" for the eternal phpinfo() XSS bug and the rush to upgrade will just
    result in the need to upgrade again shortly."

    He is right. The PHP crew always muff up when they find a spill over bug from 5 to 4. I personally will wait two weeks to make judgement on 4.4.7
     
  5. rachweb

    rachweb Well-Known Member

    The stable version will be 4.4.8. If you upgrade now or 2 weeks later, there are still the same bugs/problems. Even numbers are the stable version.
     
  6. Matt Wade

    Matt Wade Member


    Even and odd numbering mean nothing in PHP versioning.
     
  7. silversurfer

    silversurfer Well-Known Member

    This also can be dangerous security wise:

    Fixed MOPB-21-2007 (An open_basedir/safe_mode bypass inside the compress.bzip2 wrapper).
     
  8. ttk_2k

    ttk_2k Well-Known Member

    Does anyone know if it is available on cPanel updates or EasyApache now? THX!!
     
  9. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    For those that wondered why it didn't happen last Friday, or during the weekend, we generally don't release such updates on a weekend.

    With that said, I'm looking forward to all the "fun" caused by the latest versions of PHP.
     