Full Version: Php 4.3.10
Gravity
On most servers we are using Plesk 7.0.4 still.
We have reviewed the release notes of 7.5 Reloaded and they ALL use
php-4.3.2-8.ent.i386.rpm

This version of PHP is HIGHLY vulnerable to many things such as the newly discovered problems in the noted functions (which are used on message boards and such).

Can you update PHP without breaking Plesk, or does this need to all be updated with Plesk since that is how it was installed and preconfigured?
* Please note, I am going to define the use of the word "Can" in the previous statement. As in, is it possible to upgrade php by installing the new .rpm packages, or is there a whole bunch of configuration and compiling to do when you are updating? Furthermore, the next time you try to update plesk, is it just going to fail?

Does anyone have any idea if plesk will be releasing patches for this?
It has been a few days now and we are getting a little worried.
We have seen that usually within a week if major security issues that are out on the loose do not get patched servers start to get taken down.

Thanks.
Galactic Zero
In most cases you can upgrade without breaking PSA, best to search this, PSA's and ART's forums. ART has the most experience with this.. www.atomicrocketturtle.com

I've personally upgraded php on a 7.1.x system without breaking it and I did it also on 7.0.4.

Don't go up to ver 5 of php as you will break all kinds of stuff on psa including horde.
afterXleep.-
Just a note.

If you are going to upgrade PHP to 4.3.10 using art rpms wait a few days more, or go for the 4.3.9.

After an upgrade to 4.3.10 it didn't break my PSA, but it broke many customer applications.

I thought it was due to the applications, but after a few tests, all those worked perfectly on another server (RHEL PHP 4.3.10)
zacpac
the problem is supposed to be the zend optimiser and you need to upgrade to the latest version of it.
afterXleep.-
Thanks zacpac.

It worked like a charm.

For others to know in the case there are more ppl like me:

1. Download Zend Optimizer

http://zend.com/store/free_download.php?pid=13

2. Untar and install

tar -zxvf Zend*
cd Zend*
./install.sh

Following the standard setup procedure will be fine..

----

I don't know why I ignored all the warnings about this.
pprabhu
Could anyone kindly tell me where I can find php 4.3.10 RPMs?
afterXleep.-
http://www.atomicrocketturtle.com/atomic/art/


It's better if you use Yum. It's pretty much easier.
pprabhu
Thanks AfterX. I was able to successfully install 4.3.10 :)
Gravity
We are more worried about this...

http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=248046

----------
Recently a serious exploitable issue was discovered in PHP (the scripting language in which phpBB, IPB, vB, etc. are written) versions prior to 4.3.10. The problematical functions include unserialize and realpath. phpBB (along with a great many other scripts including IPB, vB, etc.) use these two functions as a matter of course.

It has come to our attention that code has now been released which uses this exploit in PHP to obtain confidential information in phpBB. Such information includes data contained in phpBB's config.php file. We therefore recommend the following:

1) If you maintain your own server be sure to upgrade to the newest available release of PHP (both versions 4 and 5). Be aware that at this time phpBB 2.0.x has problems functioning under PHP5 without modification.

2) If you pay for hosting ensure your hosting provider has upgraded their installation of PHP (again remember that phpBB 2.0.x and other scripts will not function under PHP5 without modification).

Please do not submit this PHP issue to our security tracker, it is beyond our control. Fixed versions of PHP do exist and as above we encourage you to ensure your system is running such a version. Equally please examine any "hacking" issues you have carefully to ensure they are not caused by this PHP problem (rather than phpBB). Remember, this is not a phpBB exploit or problem, it's a PHP issue and thus can affect any PHP script which uses the noted functions.
----------

We have many message boards running and this could easily be exploited.

Also a note to all people using Plesk and installing message boards from your CP. YOU BETTER KEEP THEM UPDATED. This is something that plesk forgets to mention. There are root vulnerabilities that affect every message board if not updated!
afterXleep.-
QUOTE
Originally posted by Gravity

... Recently a serious exploitable issue was discovered in PHP (the scripting language in which phpBB, IPB, vB, etc. are written) versions PRIOR to 4.3.10. ...  

Start by upgrading to php 4.3.10 as it will fix that issue.
Gravity
Redhat has now published an update.
I believe this will fix things up.
https://rhn.redhat.com/errata/RHSA-2004-687.html
They sent out 4.3.2-19 though.
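
The last post notes that the Red Hat errata package is still numbered 4.3.2, so a check that only compares the PHP version against 4.3.10 would flag a patched RHEL host. The script below is an added example, not code from any poster in the thread: it classifies a package string using the two thresholds quoted in the thread, and it assumes that release 19 of the 4.3.2 package carries the backported fixes. The function names and sample package strings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): classify a PHP 4 package string.
# Thresholds are the ones quoted in the thread: upstream fix in 4.3.10,
# Red Hat errata package 4.3.2-19 (ASSUMED to carry the backported fixes).

# ver_ge A B: succeed when dotted version A >= B, compared field by field
# as integers, so 4.3.9 sorts below 4.3.10 (a string compare gets this wrong).
ver_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}
        if [ "${x:-0}" -gt "${y:-0}" ]; then return 0; fi
        if [ "${x:-0}" -lt "${y:-0}" ]; then return 1; fi
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# php_status VERSION[-RELEASE]: prints fixed | fixed-backport | vulnerable | unknown
php_status() {
    version=${1%%-*}
    release=
    case $1 in *-*) release=${1#*-} ;; esac
    release=${release%%[!0-9]*}          # "8.ent" -> "8"
    case $version in
        4.*) ;;
        *) echo unknown; return 0 ;;     # thread gives no fixed PHP 5 version
    esac
    if ver_ge "$version" 4.3.10; then
        echo fixed
    elif [ "$version" = 4.3.2 ] && [ "${release:-0}" -ge 19 ]; then
        echo fixed-backport
    else
        echo vulnerable
    fi
}

# Constructed sample inputs; on a live host the string would come from
#   rpm -q --qf '%{VERSION}-%{RELEASE}\n' php
for pkg in 4.3.2-8.ent 4.3.2-19 4.3.9-1 4.3.10-1 5.0.2-1; do
    printf '%-12s %s\n' "$pkg" "$(php_status "$pkg")"
done
```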