[UPHPU] PHP Vulnerability
Fred Larsen
fred at bitwyze.com
Fri Dec 17 15:38:47 MST 2004
I upgraded one of our servers to 4.3.10 and it broke Smarty. Can
anyone else confirm that this is happening to you?
Fred
On Dec 17, 2004, at 2:49 PM, Lonnie Olson wrote:
> On Dec 17, 2004, at 2:34 PM, David Smith wrote:
>> I'm sure many of you saw this today:
>>
>> http://developers.slashdot.org/article.pl?sid=04/12/17/1641212&tid=169&tid=172
>>
>> If upgrading to PHP5 is not an option, what the heck am I supposed to do
>> about this? I maintain a web app that has to work in a multiplicity of
>> different environments, not just Apache/Linux/PHP4. Is there something I
>> can do in my php code to prevent this exploit? In one case, I am using
>> unserialize() to unserialize data directly from a POST. I could probably
>> rewrite the code to not use the POST data, but what option do I have if
>> that is not possible? Anyone?
>
> So don't upgrade to 5 just yet. Upgrade to 4.3.10. I am in the
> process of upgrading all my servers today.
>
> --lonnie