[KLUG Members] PHP vulnerability; and differences between different versions.

Bruce Smith members@kalamazoolinux.org
28 Feb 2002 20:47:46 -0500


> My fellow co-worker and I have a bit of the jitters because of the new PHP
> vulnerability.  So, we are thinking of upgrading, but I'm afraid patching
> didn't work on our server.  This means one of two things:
> 1. Somehow I tried to run the patch wrong
> 2. It won't work anyhow, and I need to upgrade.
> 
> So, if 2. is what I have to deal with, what are the differences between
> PHP 4.0.6 and 4.1.1?  I've read the changelogs, and I don't find too much
> regarding function changes (e.g. pg_connect() between php4.0.6 and
> php4.1.2 changes, and when I made a 'test' server, all code with that
> function blew up).

What distribution are you running?  Red Hat released new PHP RPMs today
for all their supported versions.  It's easy to upgrade that way.

> So: have you upgraded yet?  Have other things blown up?  I'd hate for my
> production web servers to functionally explode.  Or aren't you worried?

It's my understanding that you can disable uploads in your php.ini,
which plugs the security hole, as a temporary fix.

--------------------------------------------
Bruce Smith                bruce@armintl.com
System Administrator / Network Administrator
Armstrong International, Inc.
Three Rivers, Michigan  49093  USA
http://www.armstrong-intl.com/
--------------------------------------------
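An added example, not part of the original thread, for the stop-gap Bruce describes: a POSIX shell check that a php.ini really disables uploads (the `file_uploads` directive) the way PHP reads it, so a commented-out, differently-cased or later-overridden line is not mistaken for a fix. The function names and the sample ini files are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original thread. Checks whether a php.ini
# effectively disables file uploads (file_uploads = Off), the stop-gap
# suggested above. Function names and the sample files are constructed.

# Effective value of an ini directive: ';' starts a comment, directive
# names are case-insensitive, and the last assignment in the file wins.
# Prints "__ABSENT__" when the directive never appears.
ini_value() {   # ini_value <php.ini> <directive>
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        { sub(/;.*/, "") }
        /^[ \t]*[A-Za-z_.]+[ \t]*=/ {
            n = $0; sub(/=.*/, "", n); gsub(/[ \t]/, "", n)
            if (tolower(n) == key) {
                v = $0; sub(/^[^=]*=[ \t]*/, "", v)
                sub(/[ \t]*$/, "", v); gsub(/"/, "", v)
                val = v; found = 1
            }
        }
        END { print (found ? val : "__ABSENT__") }' "$1"
}

# True (exit 0) when uploads are off. PHP reads off/false/no/0/none or an
# empty value as off; a missing directive falls back to the default, On.
uploads_disabled() {   # uploads_disabled <php.ini>
    v=$(ini_value "$1" file_uploads)
    [ "$v" = "__ABSENT__" ] && return 1
    case "$(printf '%s' "$v" | tr 'A-Z' 'a-z')" in
        ""|off|false|no|0|none) return 0 ;;
        *)                      return 1 ;;
    esac
}
# Constructed sample php.ini files.
tmp=$(mktemp -d)
cat > "$tmp/stock.ini" <<'EOF'
; upload handling left at its shipped setting
File_Uploads = On
upload_max_filesize = 2M
EOF
cat > "$tmp/mitigated.ini" <<'EOF'
; file_uploads = On      <- commented out, ignored by PHP
file_uploads = On        ; earlier assignment, overridden below
file_uploads = Off       ; last assignment wins
EOF

for f in "$tmp/stock.ini" "$tmp/mitigated.ini"; do
    if uploads_disabled "$f"; then echo "$f: uploads disabled"
    else echo "$f: uploads ENABLED, still exposed"; fi
done
```

mod_php reads php.ini only when Apache starts, so restart the server after editing and confirm the live value with phpinfo() rather than trusting the file alone.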