Author Topic: PHP Critical Security Fix (Read 355 times)

cms07 · « **on:** February 03, 2012, 11:28:45 PM »

http://www.php.net/archive/2012.php#id2012-02-02-1

Quote

The PHP development team would like to announce the immediate availability of PHP 5.3.10. This release delivers a critical security fix.

Security Fixes in PHP 5.3.10:

Fixed arbitrary remote code execution vulnerability reported by Stefan Esser, CVE-2012-0830.
All users are strongly encouraged to upgrade to PHP 5.3.10.

Is this an issue?

zzbomb · « **Reply #1 on:** February 03, 2012, 11:31:52 PM »

Server does not run PHP 5.3.*
So no.

PHP 5.3.* is an unstable release. PHP does releases where odd numbers are unstable and even numbers are stable. So I keep the 5.2.* branch up to date, dont touch the 5.3.* and will eventually upgrade when 5.4.* is officially released and stable.

Not to mention 5.2.* has highest level of compatibility with things. Only a few odd scripts like the latest version of moodle require 5.3.*

cms07 · « **Reply #2 on:** February 03, 2012, 11:47:27 PM »

Quote from: zzbomb on February 03, 2012, 11:31:52 PM

Server does not run PHP 5.3.*
So no.

PHP 5.3.* is an unstable release. PHP does releases where odd numbers are unstable and even numbers are stable. So I keep the 5.2.* branch up to date, dont touch the 5.3.* and will eventually upgrade when 5.4.* is officially released and stable.

Not to mention 5.2.* has highest level of compatibility with things. Only a few odd scripts like the latest version of moodle require 5.3.*

Thanks. I do not stay up with or really use PHP anymore.

Confuser · « **Reply #3 on:** February 04, 2012, 07:17:31 AM »

That vulnerability was caused by a fix to a previous vulnerability in which a server can be overloaded as there is no limit on the amount of $_REQUST data someone can send

zzbomb · « **Reply #4 on:** February 04, 2012, 08:27:14 PM »

Quote from: Confuser on February 04, 2012, 07:17:31 AM

That vulnerability was caused by a fix to a previous vulnerability in which a server can be overloaded as there is no limit on the amount of $_REQUST data someone can send

Ah. That.. Yea I heard something about that when it was found. Quite the commotion.

Primefalcon · « **Reply #5 on:** February 04, 2012, 08:38:49 PM »

Quote from: Emmanuel Goldstein on February 03, 2012, 11:47:27 PM

Quote from: zzbomb on February 03, 2012, 11:31:52 PM
Server does not run PHP 5.3.*
So no.

PHP 5.3.* is an unstable release. PHP does releases where odd numbers are unstable and even numbers are stable. So I keep the 5.2.* branch up to date, dont touch the 5.3.* and will eventually upgrade when 5.4.* is officially released and stable.

Not to mention 5.2.* has highest level of compatibility with things. Only a few odd scripts like the latest version of moodle require 5.3.*
Thanks. I do not stay up with or really use PHP anymore.

What do you use then for server side programming?

cms07 · « **Reply #6 on:** February 04, 2012, 08:57:51 PM »

Quote from: Primefalcon on February 04, 2012, 08:38:49 PM

Quote from: Emmanuel Goldstein on February 03, 2012, 11:47:27 PM
Quote from: zzbomb on February 03, 2012, 11:31:52 PM
Server does not run PHP 5.3.*
So no.

PHP 5.3.* is an unstable release. PHP does releases where odd numbers are unstable and even numbers are stable. So I keep the 5.2.* branch up to date, dont touch the 5.3.* and will eventually upgrade when 5.4.* is officially released and stable.

Not to mention 5.2.* has highest level of compatibility with things. Only a few odd scripts like the latest version of moodle require 5.3.*
Thanks. I do not stay up with or really use PHP anymore.
What do you use then for server side programming?

I don't do it often, now.

Pinako · « **Reply #7 on:** February 04, 2012, 09:57:23 PM »

... and, updated.

For server-side programming, I prefer Python. I run PHP for Wordpress.

cms07 · « **Reply #8 on:** February 05, 2012, 12:34:30 AM »

Quote from: Pinako on February 04, 2012, 09:57:23 PM

... and, updated.

For server-side programming, I prefer Python. I run PHP for Wordpress.

I've always been turned off by the seemingly fragmented users (2 and 3). Many libraries are 2.

Primefalcon · « **Reply #9 on:** February 05, 2012, 01:24:35 AM »

Quote from: Emmanuel Goldstein on February 05, 2012, 12:34:30 AM

Quote from: Pinako on February 04, 2012, 09:57:23 PM
... and, updated.

For server-side programming, I prefer Python. I run PHP for Wordpress.
I've always been turned off by the seemingly fragmented users (2 and 3). Many libraries are 2.

Which is why if compatibility is a concern your recommended to stick with 2 atm..... And I agree Inp Python is a kick arse langauge.... and is my preferred scripting language on the desktop.... however on web servers I still prefer PHP, it just feels more suited to that role to me without any extra frameworks/toolkits

Author Topic: PHP Critical Security Fix (Read 355 times)

cms07

PHP Critical Security Fix

zzbomb

Re: PHP Critical Security Fix

cms07

Re: PHP Critical Security Fix

Confuser

Re: PHP Critical Security Fix

zzbomb

Re: PHP Critical Security Fix

Primefalcon

Re: PHP Critical Security Fix

cms07

Re: PHP Critical Security Fix

Pinako

Re: PHP Critical Security Fix

cms07

Re: PHP Critical Security Fix

Primefalcon

Re: PHP Critical Security Fix