Today, faced with the problem of installing php module libssh2 on a server with Centos 6.6 and PHP 5.4.37.
A simple way, like team pecl install ssh2, the module becomes refused flies error "Failed to download pecl/ssh2 within preferred state "stable", latest release is version 0.12, stability "beta", use "channel://pecl.php.net/ssh2-0.12" to install install failed".
To deal with this, I did not, and went the other way.
PHP version 5.2, though, and already seems to have outlived its function, but still more is needed. After all, there are more old sites that will not work on newer versions of php. For example those that are encoded by Zend 5.2, and they are not alone.
We have: server OS Centos on board, ISPmanager control panel and set the standard method php 5.3.x.
Task: installed on the server and more php 5.2, and implement convenient switching between versions for each site.
The basic version of php we will be the 5.3, as can be updated without any problems, etc., but more will be version 5.2, since its development is completed.
The company Sektion Eins was found a critical vulnerability, which affects all versions of Drupal 7 branch. It allows you to execute arbitrary SQL-query the database Drupal without any rights in the system. Thus, for example, it is possible with absolutely no rights on your website, create a special request, which will create a new administrator or change the current password. The danger is defined as the highest. October 15 came kernel upgrade to version 7.32, which addresses the vulnerability. Developers are strongly advised to update the kernel immediately.
At the moment, already compromised a lot of sites for this CMS and break-ins continue.
June 24, 2014 was know about another critical vulnerability in the script timthumb.php, which is used in a huge number of themes and plugins popular engine wordpress. We would like to note that this script is used not only in wordpress, but also in many other CMS, as well as their extensions.
Vulnerability affects all versions of absolutely timthumb, including 2.8.13, as well as the original project WordThumb. The vulnerability allows attackers to run malicious code execution without having access to your site.
Just yesterday, was made public a critical vulnerability in OpenSSL.
The vulnerability is related to the lack of adequate bounds checking in one of the procedures expansion Heartbeat (RFC6520) protocol TLS / DTLS. Due to the small mistakes anyone can gain access to the computer's memory, whose communication "protected" vulnerable version of OpenSSL. In particular, the attacker gains access to the private key, user name and password and all content to be transmitted in encrypted form. When this leaves no traces of penetration into the system.