[UPHPU] PHP Vulnerability
fred at bitwyze.com
Fri Dec 17 15:38:47 MST 2004
I upgraded one of our servers to 4.3.10 and it broke Smarty. Can
anyone else confirm that this is happening to you?
On Dec 17, 2004, at 2:49 PM, Lonnie Olson wrote:
> On Dec 17, 2004, at 2:34 PM, David Smith wrote:
>> I'm sure many of you saw this today:
>> If upgrading to PHP5 is not an option, what the heck am I supposed to
>> about this? I maintain a web app that has to work in a multiplicity of
>> different environments, not just Apache/Linux/PHP4. Is there
>> something I
>> can do in my php code to prevent this exploit? In one case, I am using
>> unserialize() to unserialize data directly from a POST. I could
>> rewrite the code to not use the POST data, but what option do I have
>> that is not possible? Anyone?
> So don't upgrade to 5 just yet. Upgrade to 4.3.10. I am in the
> process of upgrading all my servers today.
> UPHPU mailing list
> UPHPU at uphpu.org
> IRC: #uphpu on irc.freenode.net
> Sponsored by hostinginferno.com!
More information about the UPHPU