Results 1 to 4 of 4
  1. #1
    WHT-BR Top Member
    Join Date
    Nov 2010
    Posts
    1,611

    Medium Level Vulnerability on Certain Versions of PHP

    I just received this from WiredTree:
    We are contacting you regarding a medium level PHP vulnerability (National Vulnerability Database (NVD): CVE-2013-6420) that impacts certain PHP versions:

    * All versions of PHP 5.2.x.
    * All versions of PHP 5.3 before 5.3.28.
    * All versions of PHP 5.4 before 5.4.23.
    * All versions of PHP 5.5 before 5.5.7.

    This vulnerability may cause a PHP application that uses the PHP openssl_x509_parse() function to parse a malicious x509 certificate and trigger a memory corruption that might result in arbitrary user level code execution. This means that if any of your cPanel users' PHP scripts connect outbound to third party sites via SSL (HTTPS) you most likely want to consider upgrading your PHP to the most current versions within EasyApache. In the rare case that one of your trusted third party sites, to which your PHP scripts are programmed to connect, is compromised and starts providing a malicious x509 certificate, this would open up your server to this specific vulnerability.

    cPanel, Inc. has released EasyApache 3.22.25 with PHP versions 5.3.28, 5.4.23, and 5.5.7. This release addresses CVE-2013-6420 by fixing bugs in the PHP OpenSSL module.

    You can verify your PHP version and upgrade your server at your convenience by following the following steps:

    1) Log into your server's WHM as the root user.
    2) Go to Home > Software > EasyApache (Apache Update)
    3) Click "Start customizing based on profile"
    4) Keep your Apache version the same and click "Next Step".
    5) Select 5.3.28, 5.4.23, or 5.5.7 as your PHP version and click "Next Step" (PHP 5.4.23 is considered most stable current by cPanel)
    6) Scroll to the bottom of the Short Options List and click "Save and Build"

    EasyApache will then build your server with the selected PHP version. This process takes ~30 to 40 minutes. WiredTree does not pro-actively upgrade Apache/LSWS, PHP or MySQL on your server due to compatibility issues without prior customer consent as we don't want to break important sites when changing versions on these services.

    If you have LiteSpeed WebServer or an older PHP version please see the below sections.

    LiteSpeed WebServer: If you have LiteSpeed WebServer it should auto rebuild your LSPHP to match your new version. You can manually rebuild LiteSpeed's PHP version by going to Home > Plugins > LiteSpeed Web Server Plugin and clicking on "Build Matching LSPHP". If it says no action needed you do not have to do anything further. If it shows a mismatch on the PHP versions, hit the rebuild button and it will auto-build PHP for you.

    PHP 5.2.x or older: If you have an older PHP version such as PHP 5.2.x, or PHP 4.x, you highly need to consider moving to PHP 5.3.x at a minimum. Any PHP versions below PHP 5.3.x are no longer being updated by the PHP developers and are considered at end of life. Due to the changes within PHP between PHP 4 / PHP 5 and PHP 5.2.x / PHP 5.3.x you need to make sure your site code and scripts are compatible with PHP 5.3.x+ before upgrading. Upgrading PHP without upgrading your legacy site code may cause issues.

    If you have any issues with upgrading PHP on your server, have any questions or you wish for WiredTree to handle the upgrade for you, please open a new Grove support ticket and we would be happy to assist you!
    oGigante.com • Cloud Linux Reseller Hosting + Free WHMCS
    VWhost.com.br • Linux cPanel Reseller Hosting + CloudFlare
    Zocka.com.br • cPanel Website Hosting + Site Builder
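
The affected-version list in the WiredTree notice above can be turned into a quick audit check. This is an added example, not part of the original post or of WiredTree's notice; the function name `classify_php_version` and its result labels are hypothetical, and the version thresholds are the ones quoted in the notice.

```shell
#!/bin/sh
# Classify a PHP version string against the ranges in the notice above.
# Function name and result labels are assumptions made for this example.
# Prints: affected | fixed | eol-affected | eol | not-listed | unparsed
# Usage on a server: classify_php_version "$(php -r 'echo PHP_VERSION;')"
classify_php_version() {
    # Keep only the leading MAJOR.MINOR.PATCH; drops distro suffixes
    # such as "-1ubuntu3.26" that packaged builds append.
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    [ -n "$ver" ] || { echo unparsed; return 2; }
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}

    case "$major.$minor" in
        5.2) echo eol-affected; return 1 ;;  # all 5.2.x affected, no fixed release listed
        5.3) fixed_patch=28 ;;
        5.4) fixed_patch=23 ;;
        5.5) fixed_patch=7 ;;
        *)
            # Older than 5.2: the notice describes these as end of life.
            if [ "$major" -lt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -lt 2 ]; }; then
                echo eol; return 1
            fi
            # Branches the notice does not mention.
            echo not-listed; return 0 ;;
    esac

    if [ "$patch" -lt "$fixed_patch" ]; then
        echo affected; return 1
    fi
    echo fixed
}
```

The function returns a non-zero exit status for affected, end-of-life and unparsed versions, so it can gate a deployment or inventory script.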

  2. #2
    Web Hosting Guru
    Join Date
    May 2011
    Posts
    331
    The problem is the script errors that show up on the newer PHP versions. Has anyone tested 5.4 in production and knows whether it is causing many problems?

  3. #3
    Web Hosting Master
    Join Date
    Aug 2011
    Location
    /home
    Posts
    897
    Quote: Originally posted by maksol
    The problem is the script errors that show up on the newer PHP versions. Has anyone tested 5.4 in production and knows whether it is causing many problems?
    6 shared hosting/reseller servers running PHP 5.4, 4+ months without problems.
    Obsolete scripts either get updated or get left behind.

  4. #4
    Web Hosting Master
    Join Date
    Apr 2012
    Posts
    667
    I was curious to run 5.5 with opcache on shared hosting. Has anyone tested that yet?
