[Cpanel Blog] php 5.2.17 security backports question June,2012

Hello,

I run the default apache (2.2.22) and php installation (5.2.17) and installed using easyapache through cpanel/WHM.

Secunia dot com released several security vulnerability notifications today that affect php 5.3x and 5.4x (and presumably 5.2x as well but I could be wrong).

Some of these vulnerabilities were reported today and others about a month ago. Have they already been backported to php 5.2.17 by the cpanel team when installed using easyapache? If not, will they? Or is the only choice to upgrade to the latest version of php 5.3x or 5.4x to be protected against these latest vulnerabilities?

We run many websites and unfortunately trying to get the web developers to update their code to work with php 5.3x and newer is a PITA. I'd still like to run php 5.2x but not if it's going to lead to the server getting rooted through arbitrary code execution vulnerabilities in php 5.2x.

Any info or tips are greatly appreciated.

Thank you!

secunia dot com/advisories/49731/ (cve's listed here)
secunia dot com/advisories/49014/ (cves listed here)
php 5.2.17 security backports question
Cpanel Blog Strange email with attachment from "cpanel" May,2012

Related Post