[KLUG Members] PHP vulnerability; and differences between
different versions.
Bruce Smith
members@kalamazoolinux.org
28 Feb 2002 20:47:46 -0500
> My fellow co-worker and I have a bit of the jitters because of the new PHP
> vulnerability. So, we are thinking of upgrading, but I'm afraid patching
> didn't work on our server. This means one of two things:
> 1. Somehow I tried to run the patch wrong
> 2. It won't work anyhow, and I need to upgrade.
>
> So, if 2. is what I have to deal with, what are the differences between
> PHP 4.0.6 and 4.1.1? I've read the changelogs, and I don't find too much
> regarding function changes (e.g. pg_connect() between php4.0.6 and
> php4.1.2 changes, and when I made a 'test' server, all code with that
> function blew up).
What distribution are you running? Red Hat released new PHP RPMs today
for all their supported versions. It's easy to upgrade that way.
> So: have you upgraded yet? Have other things blown up? I'd hate for my
> production web servers to functionally explode. Or aren't you worried?
It's my understanding that you can disable uploads in your php.ini,
which plugs the security hole, as a temporary fix.
--------------------------------------------
Bruce Smith bruce@armintl.com
System Administrator / Network Administrator
Armstrong International, Inc.
Three Rivers, Michigan 49093 USA
http://www.armstrong-intl.com/
--------------------------------------------
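
The temporary fix mentioned in the reply above corresponds to the php.ini directive `file_uploads`. As an added example (not part of the original message), this shell function reports whether a given php.ini actually leaves uploads enabled; the sample file content is constructed, and the function assumes plain `key = value` lines with `;` comments.

```shell
#!/bin/sh
# Added example: audit a php.ini for the upload mitigation.
# Prints "off" when the last active file_uploads line disables uploads and
# "on" otherwise, including when the directive is absent (PHP defaults to on).
uploads_state() {
    awk '
        BEGIN { state = "on" }              # default when the directive is unset
        /^[ \t]*;/ { next }                 # whole-line comment, e.g. "; file_uploads = Off"
        {
            line = $0
            sub(/;.*$/, "", line)           # strip a trailing comment
            n = index(line, "=")
            if (n == 0) next                # section headers, blank lines
            key = substr(line, 1, n - 1)
            val = substr(line, n + 1)
            gsub(/[ \t\r]/, "", key)
            gsub(/[ \t\r"]/, "", val)
            if (key != "file_uploads") next # directive names are case sensitive
            val = tolower(val)
            # spellings php.ini treats as boolean false
            if (val == "off" || val == "0" || val == "false" ||
                val == "no" || val == "none" || val == "")
                state = "off"
            else
                state = "on"                # a later line overrides an earlier one
        }
        END { print state }
    ' "$1"
}

# Constructed sample: the mitigation is present but commented out, a common
# reason a "fixed" server is still exposed.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[PHP]
; file_uploads = Off
file_uploads = On
upload_max_filesize = 2M
EOF
echo "sample php.ini: file_uploads is $(uploads_state "$sample")"
rm -f "$sample"
```

Run it against the php.ini the web server actually loads, and restart the web server after changing the setting so the new value takes effect.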