PHP 5.2.10 and Prior Versions Multiple Vulnerabilities

[WelshTom]

News from securityfocus:

PHP 5.2.10 and Prior Versions Multiple Vulnerabilities

PHP is prone to multiple security vulnerabilities.

The impact of these issues has not been specified. We will update this BID when more information becomes available.

These issues affect PHP 5.2.10 and prior versions.

Probably best everyone upgrades ASAP

[eukSam]

Hello,

Cpanel has started providing PHP 5.2.11, so the upgrade is easily available in cpanel.

[Eidolon]

Hello,

Cpanel has started providing PHP 5.2.11, so the upgrade is easily available in cpanel.

I know it's a reseller server rather than VPS, however I noticed puma is still using PHP 5.2.5.

[Stuart]

We cant upgrade php version on puma server, as it will create problem for another site which are hosted on this server. We have another server on which PHP version 5.2.13 is runing, If you wish we will migrate your account on that server. Please confirm PHP 5.2.13 is fine with you ?

Regards,
Stuart.

[Eidolon]

We cant upgrade php version on puma server, as it will create problem for another site which are hosted on this server. We have another server on which PHP version 5.2.13 is runing, If you wish we will migrate your account on that server. Please confirm PHP 5.2.13 is fine with you ?

Regards,
Stuart.

Personally I'm fine sticking with puma. I'm just slightly surprised a version with "multiple security vulnerabilities" is still being used considering eukhost have tight security settings in place in general on their servers.

On a related note 5.2.14 and 5.3.3 have been released, and this is due to be the last 5.2 release according to the PHP.net site.

[Eidolon]

Just bumping this topic to mention that the PHP 5.3.8 release announcement states...
All PHP users should note that the PHP 5.2 series is NOT supported anymore. All users are strongly encouraged to upgrade to PHP 5.3.8.
URL: PHP: News Archive - 2011

Perhaps eUKhost should consider upgrading PHP on their servers to 5.3 now, as being unsupported it potentially may have security issues. Currently puma still appears to be using version 5.2.9 still, not even the last 5.2 version.

[Kieran]

Hi Eidolon.

Yea, It seems that PHP 5.2 version is no longer supported by PHP.net.
But the Cpanel still lists the old stable releases as 5.2.9, 5.2.17 in easyapache installer.

Due to compatibility and other customization issues, we will not able to upgrade the PHP version to 5.3 on the existing shared servers. However we will schedule PHP upgrade to old stable version 5.2.17 in upcoming days