PHP Vulnerabilities - MacRumors need an upgrade

Discussion in 'Current Events' started by Jalexster, Dec 17, 2004.

  1. Jalexster macrumors 6502a

    Joined:
    Jun 8, 2004
    #1
    http://developers.slashdot.org/developers/04/12/17/1641212.shtml?tid=169&tid=172

    From good old Slashdot:

    PHP Vulnerabilities Announced
    PHP
    Security
    Posted by michael on Friday December 17, @12:20PM
    from the rated-o-for-overtime dept.
    Simone Klassen writes "The Hardened-PHP Project has announced several serious and according to them, easy-to-exploit vulnerabilities within PHP. A flaw within the function unserialize() is rated as very critical for millions of PHP servers, because it is exposed to remote attackers through lots of very popular webapplications. The list includes forum software like phpBB2, WBB2, Invision Board and vBulletin. It is time to upgrade now."
     
  2. wdlove macrumors P6

    wdlove

    Joined:
    Oct 20, 2002
    #2
    The only thing that I can understand about this is that there are some type of vulnerabilities. I'm sure that if an upgraded is need, arn will do the needed upgrade. Hopefully someone can explain this to a layman.
     
  3. Josh macrumors 68000

    Josh

    Joined:
    Mar 4, 2004
    Location:
    State College, PA
    #3
    I wish I knew what version of PHP and the forum softwares they were talking about.

    The version is pretty key info they seem to have left out lol. Depending on your version, upgrading may or may not be useful.

    And upgrade what? php, or the forum software?

    I dont know much about PHP, but the little bit I do know is that PHP 5 is apparently much less secure than PHP 4, and the vast majority of forum software is designed for PHP 4.

    If the insecurity of PHP 5 is true, than I cannot see upgrading to it as a security fix being beneffecial to anyone.

    If the forum software is what they mean to update - then everyone should anyway - besides, its free to do :D
     
  4. rjrufo macrumors regular

    Joined:
    Sep 18, 2002
    Location:
    Boston
    #4
    Application: PHP4 <= 4.3.9, PHP5 <= 5.0.2

    Can't say for the Forums

    [EDIT] Upgrade available here [/EDIT]
     

Share This Page