The Community Forums


SECURITY ISSUE: GD (php image library)

Discussion in 'Security' started by qwerty, Aug 10, 2007.

  1. qwerty

    qwerty Well-Known Member

    cPanel's easyapache scripts still bundle GD 2.0.28, and as reported over the past few days and weeks there are several exploits for all versions of GD < 2.0.35, some incl. REMOTE ARBITRARY CODE EXECUTION.

    Can cPanel PLEASE update the included GD library to at least 2.0.35, as it's currently sitting on 2.0.28?
     
  2. deanstev

    deanstev Well-Known Member

    I'm running 5.2.0 and it's using the old GD also...

    Where did the post go from before???
     
  3. ChadE

    ChadE Active Member

    I'm running PHP 5.2.3 (Serious improvement over 5.2.0 - much faster) and I have GD 2.0.35 according to phpinfo. I believe a newer version of GD was bundled in/after 5.2.1. 5.2.3 and 5.2.4RC1 both feature GD updates/enhancements to the GD system.
     
  4. deanstev

    deanstev Well-Known Member

    I've just gone to recompile with 5.2.3, and this is what it says:

    GD (Version 2.0.15)

    WTF?
     
  5. DReade83

    DReade83 Well-Known Member

    This is crazy. We're the customers here and shouldn't have to be asking the developers to upgrade the software at our request due to security issues...

    Obviously security isn't a great concern to cPanel as I have rarely seen priorities given to security updates previously. I mean, look how long it took for PHP 5.2.2 and 5.2.3 to hit the Apache Update page. Both versions hit the page at the same time which is pretty pointless in my opinion and, in addition, both hit the page weeks after release.

    So, the question is how long will it take to get the GD Library updated? Anyone like to have a guess?
     
  6. cPanelNick

    cPanelNick Administrator
    Staff Member

    easyapache 1.5 no longer installs gd. It uses the one that is bundled with PHP. The version is just a display artifact left over in the system (which will be going away once easyapache 3 is released).
     