PHP versions prior to 5.3.12 and 5.4.2 are vulnerable.

**jetx** · 9 Apr 2014, 01:36 AM

1. PHP CGI Bug - http://arstechnica.com/security/2014...-22-months-on/ --- PHP versions prior to 5.3.12 and 5.4.2 are vulnerable.

As I still have a zencart site left I need to ask for clarification on this post by DrByte today. I understand that 1.51 does not work under php 5.4 without code modification. I do not see exactly what modifications are required.

secondly, does the Dr mean (versions prior to 5.3.12 and 5.4.2 are vulnerable) therefore any version prior to 5.4.2 is vulnerable?.

**DrByte** · 9 Apr 2014, 04:32 AM

Originally Posted by jetx

does the Dr mean (versions prior to 5.3.12 and 5.4.2 are vulnerable) therefore any version prior to 5.4.2 is vulnerable?.

My understanding of the statement (it wasn't mine, I was only quoting it) is that PHP 5.3.1 thru 5.3.11 are vulnerable, and 5.4.0 and 5.4.1 are vulnerable. The quoted article makes no mention of PHP 5.2.xxx versions specifically, but I haven't pursued that further; you may wish to.

**RodG** · 9 Apr 2014, 09:54 PM

PHP V5.2.X is reaching end of life. There are multiple vulnerabilities. The URL below lists them. This URL is specifically for v5.2.17 which is/was the default version used by a number of distribution of the time and is still in widespread use :-(
http://www.cvedetails.com/vulnerabil...HP-5.2.17.html

**jetx** · 10 Apr 2014, 02:16 AM

My issue is whether upgrading php to 5.5. will break zencart. Does anyone know what, if any, files are going to require code edits. Thanks.

note: besides timezone.

**jetx** · 10 Apr 2014, 02:30 AM

From this: http://www.zen-cart.com/entry.php?6-...nd-5-5-and-5-6

I would suspect that many mods will not function correctly under php 5.5.

List of current mods (if anybody knows, please comment). I really don't want to upgrade and find the site is broken.

discount mod, table discounts (swguy)
COWOA
Ceon Manual Card
Cross Sell Advanced (prowebs)
Direct Bank Deposit
Testimonial Manager

**jetx** · 10 Apr 2014, 03:21 AM

http://www.zen-cart.com/showthread.p...g-offset/page4

= a big can of worms.. No dev confirmed fix for 1.51, just a lot of attempts. So in order to run the site error free it is necessary to retain a vulnerable version of php. Is this basically correct?

**jetx** · 10 Apr 2014, 03:25 AM

So, to run securely I would need to recompile php as an apache module rather than cgi? Just confirming, thanks.

**jetx** · 10 Apr 2014, 06:40 AM

Upgraded php to 5.3.28, deprecated but I suppose better than what I had (5.2.1.7). Thanks for the link DrB.

Thread: PHP versions prior to 5.3.12 and 5.4.2 are vulnerable.

Thread Tools

Search Thread

Display

PHP versions prior to 5.3.12 and 5.4.2 are vulnerable.

Re: PHP versions prior to 5.3.12 and 5.4.2 are vulnerable.

Re: PHP versions prior to 5.3.12 and 5.4.2 are vulnerable.

Re: PHP versions prior to 5.3.12 and 5.4.2 are vulnerable.

Re: PHP versions prior to 5.3.12 and 5.4.2 are vulnerable.

Re: PHP versions prior to 5.3.12 and 5.4.2 are vulnerable.

Re: PHP versions prior to 5.3.12 and 5.4.2 are vulnerable.

Re: PHP versions prior to 5.3.12 and 5.4.2 are vulnerable.

Similar Threads

Upcoming versions - 1.5.3 and 1.6.0 -- compatible with PHP 5.4, 5.5, 5.6

Can Templates from Prior Versions Be Added to Later Versions?

Upgrading from PHP 4.X to 5.2.14 -Will ZC 3.7, 3.8A, and 3.9 versions & mods work?

Bookmarks

Bookmarks

Posting Permissions