
php 5.2.17 security backports question

Discussion in 'Security' started by Venomous21, Jun 28, 2012.

  1. Venomous21

    Hello,

    I run the default Apache (2.2.22) and PHP (5.2.17) installation, installed using EasyApache through cPanel/WHM.

    Secunia dot com released several security vulnerability notifications today that affect PHP 5.3x and 5.4x (and presumably 5.2x as well, but I could be wrong).

    Some of these vulnerabilities were reported today and others about a month ago. Have they already been backported to PHP 5.2.17 by the cPanel team when installed using EasyApache? If not, will they? Or is the only choice to upgrade to the latest version of PHP 5.3x or 5.4x to be protected against these latest vulnerabilities?

    We run many websites and unfortunately trying to get the web developers to update their code to work with PHP 5.3x and newer is a PITA. I'd still like to run PHP 5.2x, but not if it's going to lead to the server getting rooted through arbitrary code execution vulnerabilities in PHP 5.2x.

    Any info or tips are greatly appreciated.

    Thank you!

    secunia dot com/advisories/49731/ (CVEs listed here)
    secunia dot com/advisories/49014/ (CVEs listed here)
     
  2. nospa

  3. d'argo

    I know this might seem like a dumb question, but does cPanel backport fixes from PHP 5.3 and 5.4 to 5.2? And if so, is there a changelog somewhere that lists what CVEs have been addressed?

    Thanks in advance to anyone that knows; my boss is on us to prove we can still use PHP 5.2 safely.
     
  4. nospa

  5. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    The link you provide isn't from the provider of PHP itself but a separate Google project to support a deprecated version when the company who provided PHP 5.2 originally isn't even supporting it any longer.

    Please keep in mind that we provide PHP 4 and PHP 5.2 as a courtesy to our customers. If you wish to see us add the patches, then a feature request would be the way to go:

    Feature Requests for cPanel/WHM
     
  6. nospa
