[UPHPU] PHP Vulnerability
etierra at gmail.com
Fri Dec 17 17:06:11 MST 2004
On Fri, 17 Dec 2004 14:56:41 -0700 (MST), John
<lists at strictlyrockymountain.com> wrote:
> Am I the only one that doesn't program that way? I have no code (written
> by myself) that is vunerable from this (based on the functions affected).
Your not the only one John. I also avoid it since it really honestly
doesn't make things easier to program at all. It isn't very object
oriented either. Either way though, I have users that use scripts like
phpBB2, so I still have to watch and upgrade.
On Fri, 17 Dec 2004 14:34:28 -0700 (MST), David Smith
<DavidSmith at byu.net> wrote:
> If upgrading to PHP5 is not an option, what the heck am I supposed to do
> about this?
If this wasn't answered earlier, there's a new version of both PHP4
(4.3.10) and PHP5 (5.0.3). I also just want to remind everyone to
double check that you've patched/recompiled your CLI binary, your CGI
binary (if you have a separate installation for CGI), and also
mod_php. I know a lot of people that have been fooled keeping mod_php
up-to-date (since they check versions in Apache), but are still
running old versions of the CLI/CGI.
More information about the UPHPU