PHP 5.3.10 released (security)

It is in Custombuild; however, there is server propagation, and it could take up to 24 hours to propagate to all servers.
 
The current stable release is affected; however, it is not yet clear whether the questionable patch was also applied to older versions.

I still can't understand whether PHP 5.2.x is also affected or not.
 
http://www.securityfocus.com/bid/51830
PHP PHP 5.3.9
PHP PHP 5.3.8
PHP PHP 5.3.7
PHP PHP 5.3.6
PHP PHP 5.3.5

http://www.securitytracker.com/id/1026631
This vulnerability was introduced in version 5.3.9 in the fix for CVE-2011-4885.

So 5.2.x doesn't have this vulnerability, since it doesn't have the fix for the hash bug (CVE-2011-4885), which causes the CPU load when attacked. I guess if you really have reasons to stick to 5.2 (there are not many, you can hide deprecated warnings) - you need at least suhosin to have some kind of protection.
 
Thank you for the clarification. We've installed suhosin on some of our servers, and are going to install it further, while we are testing 5.3.x.
 
Did you manage to install suhosin with PHP 3.5.10, and does it work?
 