PHP version and CVE-2014-3669

Installed versions available are:
5.5.17
5.4.33
5.3.29
5.2.17

5.5.17 and 5.4.33 are apparently vulnerable. When will these be updated?
http://threatpost.com/php-patches-vulnerabilities-including-remote-code-execution-flaw/108960

"The patch, which was included alongside two other issues (CVE-2014-3668 and CVE-2014-3670) in the framework for versions 5.6.2, 5.5.18 and 5.4.34 last week, both fixes the issue and prevents PHP from crashing or segfaulting, a memory access violation that can lead to crashing."

Arn
Hello,

Thanks for your question. I spoke with a systems person and he said that our servers are updated based on the release schedule of the PHP updates and what is considered "stable" for our server systems. They also have to schedule these updates with systems personnel as these updates do take time to apply to the entire server farm. It is my understanding that vulnerabilities are patched on a timely basis. However, to make sure that these issues have been covered, I will issue a request through management to make sure that vulnerabilities have been addressed. I was able to verify that VPS and dedicated servers can already load 5.5.18 and 5.4.34.

Regards,
Arnel C.