Results 1 to 12 of 12
  1. #1
    Join Date
    Jul 2002
    Posts
    3,352

    is there any problem with php 4.4.1?

    did anyone upgrade to php 4.4.1 yet?

  2. #2
    Join Date
    Jan 2002
    Location
    UK
    Posts
    1,034
    there is this problem that affects squirrelmail and maybe a few other apps.

    squirrelmail has a workaround tho.

    http://bugs.php.net/bug.php?id=35067
    Chris Collins
    Hostingfreak.net
    Directadmin Hosting in europe
    www.hostingfreak.net

  3. #3
    Join Date
    Aug 2004
    Location
    Zurich, Switzerland
    Posts
    770
    This far seeing no probs, unlike with 4.4.0 this time not even a Zend update needed.

  4. #4
    There is also an issue with PHP 4.4.1 and mod_rewrite under Apache 2.x:
    http://bugs.php.net/bug.php?id=35059

    mod_rewrite on Apache 1.3.33/34 seems to work fine with PHP 4.4.1

  5. #5
    Join Date
    Apr 2005
    Location
    Oz
    Posts
    3,498
    Yes, simply put it breaks phpadnews and a few other apps. Either use 4.4.2 dev edition or stick with 4.3.x for the time being.

  6. #6
    Join Date
    Jul 2002
    Posts
    3,352
    Quote Originally Posted by adb22791
    Yes, simply put it breaks phpadnews and a few other apps. Either use 4.4.2 dev edition or stick with 4.3.x for the time being.
    but php 4.4.1 is bug fix release. no new features, it simply fix all the pervious security bugs. if you stick with 4.3.x...isn't it risky?

  7. #7
    Join Date
    Jan 2002
    Location
    UK
    Posts
    1,034
    as far as I am aware the bug's that were introduced do not exist in 4.4.0 so there is no need to go back to 4.3.x, they were fixed fast in cvs tho so I dont know why they havent released 4.4.1.1 quickly to address these issues.
    Chris Collins
    Hostingfreak.net
    Directadmin Hosting in europe
    www.hostingfreak.net

  8. #8
    At least somewhat fixed PHP 4.4.1 packages are now available for Debian GNU/Linux. DotDeb.org just released updated PHP 4.4.1 packages which fixes bug #35067 (scripts hangs on netx() prev()) and #35071 (Wrong fopen mode used in GD safe-mode checks). However, the Apache2/mod_rewrite issue is still present.

  9. #9
    Join Date
    Jul 2002
    Posts
    3,352
    Quote Originally Posted by Chrysalis
    as far as I am aware the bug's that were introduced do not exist in 4.4.0 so there is no need to go back to 4.3.x, they were fixed fast in cvs tho so I dont know why they havent released 4.4.1.1 quickly to address these issues.
    here is the security flaw http://secunia.com/advisories/17371/

    Description:
    Some vulnerabilities have been reported in PHP, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and potentially compromise a vulnerable system.

    1) An error where the "GLOBALS" array is not properly protected, can be exploited to define global variables by sending a "multipart/form-data" POST request with a specially crafted file upload field, or via a script calling the PHP function "extract()" or "import_request_variables()".

    Successful exploitation may open up for vulnerabilities in various applications, but requires that "register_globals" is enabled.

    The vulnerability has been reported in versions 4.4.0 and 5.0.5, and prior.

    the 4.4.1 i believe suppose to fix this problem and some other.

  10. #10
    Join Date
    Aug 2005
    Location
    Egypt
    Posts
    110
    Yes ther are problem
    GNU/Linux system Engineer
    Contact Me: 00201003338749

  11. #11
    Join Date
    Oct 2002
    Location
    State of Disbelief
    Posts
    22,951
    4.4.1 (and 4.4.0, I believe) can break some SMF installs. More info and a simple fix is available from them at this address:
    http://www.simplemachines.org/commun...?topic=41955.0
    Having problems, or maybe questions about WHT? Head over to the help desk!

  12. #12
    Join Date
    Aug 2005
    Location
    Egypt
    Posts
    110
    Earlier this week, PHP 4.4.1 was released to production. This fixes several serious security issues. This upgrade will require a recompile of your PHP and a restart of your Apache

    This is a bug fix release, which addresses some security problems too. The security issues that this release fixes are:

    - Fixed a Cross Site Scripting XSS (http://www.cgisecurity.com/articles/xss-faq.shtml) vulnerability in phpinfo() that could lead f.e. to cookie exposure, when a phpinfo() script is accidently left on a production server.
    - Fixed multiple safe_mode/open_basedir bypass vulnerabilities in ext/curl and ext/gd that could lead to exposure of files normally not accessible due to safe_mode or open_basedir restrictions.
    - Fixed a possible $GLOBALS overwrite problem in file upload handling, extract() and import_request_variables() that could lead to unexpected security holes in scripts assumed secure. (http://www.hardened-php.net/globals-problem)
    - Fixed a problem when a request was terminated due to memory_limit constraints during certain parse_str() calls. In some cases this can result in register_globals being turned on.
    - Fixed an issue with trailing slashes in allowed basedirs. They were ignored by open_basedir checks, so that specified basedirs were handled as prefixes and not as full directory names.
    - Fixed an issue with calling virtual() on Apache 2. This allowed bypassing of certain configuration directives like safe_mode or open_basedir.
    - Updated to the latest pcrelib to fix a possible integer overflow vulnerability announced in CAN-2005-2491. (http://cve.mitre.org/cgi-bin/cvenam...e=CAN-2005-2491)
    This release also fixes 35 other defects, where the most important is the the fix that removes a notice when passing a by-reference result of a function as a by-reference value to another function. (Bug #33558 - http://bugs.php.net/33558).

    For a full list of changes in PHP 4.4.1, see the ChangeLog: http://www.php.net/ChangeLog-4.php#4.4.1
    GNU/Linux system Engineer
    Contact Me: 00201003338749

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •