
PHP security bugs

Discussion in 'Security' started by split, Apr 12, 2006.

  1. split

    split Member

    Hello,

    It seems that there are new bugs in some versions of PHP.
    I have some servers with cPanel's PHP v4.3.11.
    Does cPanel fix these security bugs for all supported versions?
    Do I have to upgrade to 4.4.1?

    Thanks for your answers.

    Regards,
    Alvaro.
     
  2. randomuser

    randomuser Well-Known Member

    If/when you upgrade, I recommend going to 4.4.2. 4.4.1 is pure garbage, in that it has a nasty memory leak that can turn your server into a brick in *seconds*. Protip: if you use easyapache to upgrade PHP, check to ensure it installed the version you wanted to install. Just because you choose version x.x.x doesn't mean that's what's going to be installed, as we found out the hard way.
     
  3. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    If you think there is a security bug in PHP application(s), you have to support your claim. In addition, you need to report any bugs to the PHP authors and not to cPanel. Go to www.php.net and submit your complaint there.
     
  4. chirpy

    chirpy Well-Known Member

    Err, the bugs in PHP v4.3.11 are very commonly known and have been well advertised on Bugtraq, if you aren't aware. No-one should be running on v4.3 anymore as it has some severe security holes in it (e.g. bypassing open_basedir, to name but one).
     