Erwin
12-23-2004, 08:28 PM
Refer:
http://www.vbulletin.com/forum/showthread.php?t=123531
Reposted here because members here are asking questions about it.
-------------------------------------------------------------------------
The list of vulnerabilities is found here:
http://www.hardened-php.net/advisories/012004.txt (http://www.hardened-php.net/advisories/012004.txt)
You will notice that one specifically mentions vBulletin. Please note that this it NOT a vBulletin vulnerability. It is a vulnerability in one of the PHP functions that vBulletin uses. To fix this vulnerability, you must upgrade your PHP.
PHP versions 4.3.10 and 5.0.3 are not affected. You may download either from here (http://www.php.net/downloads.php). (Note: we still recommend the 4.3.x series for vBulletin.)
If you upgrade your PHP and start getting errors with vBulletin, ensure any PHP caching or accelerator programs (such as Turck MMCache or Zend Optimizer) are also upgraded to the latest version. There is a change in PHP that conflicts with older versions!
If your server runs the Zend Optimizer you also upgrade this when you upgrade to PHP 4.3.10.
If you see an error like this:
Warning: Constants may only evaluate to scalar values in /path/to/init.php on line 752
... this indicates that your version of the Zend Optimizer is too old for PHP 4.3.10.
You should upgrade your Zend Optimizer by downloading the latest version from Zend.com.
http://www.vbulletin.com/forum/showthread.php?t=123531
Reposted here because members here are asking questions about it.
-------------------------------------------------------------------------
The list of vulnerabilities is found here:
http://www.hardened-php.net/advisories/012004.txt (http://www.hardened-php.net/advisories/012004.txt)
You will notice that one specifically mentions vBulletin. Please note that this it NOT a vBulletin vulnerability. It is a vulnerability in one of the PHP functions that vBulletin uses. To fix this vulnerability, you must upgrade your PHP.
PHP versions 4.3.10 and 5.0.3 are not affected. You may download either from here (http://www.php.net/downloads.php). (Note: we still recommend the 4.3.x series for vBulletin.)
If you upgrade your PHP and start getting errors with vBulletin, ensure any PHP caching or accelerator programs (such as Turck MMCache or Zend Optimizer) are also upgraded to the latest version. There is a change in PHP that conflicts with older versions!
If your server runs the Zend Optimizer you also upgrade this when you upgrade to PHP 4.3.10.
If you see an error like this:
Warning: Constants may only evaluate to scalar values in /path/to/init.php on line 752
... this indicates that your version of the Zend Optimizer is too old for PHP 4.3.10.
You should upgrade your Zend Optimizer by downloading the latest version from Zend.com.