PHP: Multiple vulnerabilities - Severity: high

jamesbond

Well-Known Member
Oct 9, 2002
738
1
168
What really surprises me is that php 4.4.3 still hasn't been released after this, and other issues, were discovered a few weeks ago.

Maybe that's part of the php group's strategy: push everyone to php5 before they release php6 :)
 
Last edited:

ramprage

Well-Known Member
Jul 21, 2002
651
0
166
Canada

cooldude7273

Well-Known Member
Jan 11, 2004
357
0
166
Roswell, GA
cPanel doesn't find security problems very urgent normally.
 

rpmws

Well-Known Member
Aug 14, 2001
1,802
9
318
back woods of NC, USA
i just got a hold of Nick and he is on it for us :)
 

cooldude7273

Well-Known Member
Jan 11, 2004
357
0
166
Roswell, GA
Cool, but could you define "on it" a bit more. :)
 

rpmws

Well-Known Member
Aug 14, 2001
1,802
9
318
back woods of NC, USA
cooldude7273 said:
Cool, but could you define "on it" a bit more. :)
they know about the issue and should be working on a buildapache to offer the newer versions. Don't have a time frame ..just know they know about it and a security email went out earlier.
 

rpmws

Well-Known Member
Aug 14, 2001
1,802
9
318
back woods of NC, USA
MN-Robert said:
Looks like buildapache has been updated.
saying that they don't care about security might not be fair. You just need to give them a little time and make sure they are aware :)
 

rpmws

Well-Known Member
Aug 14, 2001
1,802
9
318
back woods of NC, USA
as of 10PM EST it's not quite ready yet. .....
 

rpmws

Well-Known Member
Aug 14, 2001
1,802
9
318
back woods of NC, USA
Infopro said:
Thanks rpmws. Keep an 'eye' on it for us won't you? (looking at your av) ;)
Just spoke with nick again and he said they are working on it will do their best to get an updated version out by Monday at the latest.
 

rpmws

Well-Known Member
Aug 14, 2001
1,802
9
318
back woods of NC, USA
elitewebninja said:
Any update on this?
was just told that it was updated via email from Nick but it isn't yet so I am waiting to hear back from him.
 

cPDan

cPanel Staff
Staff member
Mar 9, 2004
721
13
243
Hello everyone,

I just wanted to give you all an update as to how this is coming:

Rest assured that adding PHP 5.1.4 into easyapache is very important to us. Its actually in process right now (I talked with the developer doing it about an hour ago) and it will be out ASAP pending the resolution of PHPs lib64 problem and its mysql problem.

We've been in contact with the PHP folks for some time about these probelms but they have yet to resolve them (even though we've supplied patches for them) so we are forced to resolve them ourselves and that takes time to apply to a new version unfortunately.

Thank you all very much for your patience and feedback. I might mention that the new easyapache that is in QA currently was designed to make it much easier for updates to various components to be released much faster, so soon thread like this will no longer exist ;)

Have a great day all!
 

cooldude7273

Well-Known Member
Jan 11, 2004
357
0
166
Roswell, GA
5.1.4 is in easy apache now! (not the new easyapache, just 5.1.4)

But it doesn't work for me! I compiled 5.1.4 with all my usual options, and I get a few errors during build, and at the end I am still stuck with 5.0.5! :eek:

What I'm compiling:
Code:
configure php-5.1.4...(--with-apxs=/usr/local/apache/bin/apxs --prefix=/usr/local --with-xml --enable-bcmath --enable-calendar --with-curl --enable-ftp --with-gd --with-jpeg-dir=/usr/local --with-png-dir=/usr --with-xpm-dir=/usr/X11R6 --with-gettext --with-mcrypt --enable-magic-quotes --with-mysqli --with-mysql=/usr --with-openssl --enable-discard-path --with-pear --with-pgsql=/usr --enable-sockets --enable-track-vars --with-ttf --with-freetype-dir=/usr --enable-gd-native-ttf --with-zlib)
Error:

make: *** [libphp5.la] Error 1
make: *** Waiting for unfinished jobs....
libtool: link: cannot find the library `/usr/lib/mysql/libz.la'
make: *** [sapi/cli/php] Error 1
 
Last edited:

XPerties

Well-Known Member
Apr 10, 2003
401
0
166
New Jersey, USA
I tried 5.1.4 and had issues with my company order page not properly loading the entire page during a client order process.


What errors are you getting?