PHP vulnerabilities?

Michal Jaegermann michal at harddata.com
Sat Dec 18 21:16:32 UTC 2004


On Sat, Dec 18, 2004 at 07:31:25AM +0200, Pekka Savola wrote:
> 
> Has anyone actually looked, btw, how well 
> the security patch against 4.3.9 (e.g., from OpenPKG) applies to 4.1.2 
> (RHL73) or php 4.2 (RHL9) ?

Version 4.2 is close enough.  Besides Mandrake has already
php-4.2.3-4.3.C21mdk out which appears to have fixes applied.  How
well this patches the problems I cannot tell.  Assume the best. -)

With RH7.3 and 4.1.2 this is an entirely different kettle of fish.
I looked and I do not see any obvious way to fit these patches back.
I cannot even tell if the problems are there and if yes then which
particular code fragments are responsible.

At least on one RH 7.3 machine I am running php 4.3.8 from the
end of July of this year.  How successful such substitution would be
obviously depends on what applications you have on the top of it.
But if they are breaking then you should have started a forward
migration a long time ago.  There were good reasons to break
assorted grungy PHP code.

It is definitely possible to compile php 4.3.10 on RH7.3.  It wants
newer curl but sources from RH9 recompile there without heroic
efforts and that version is good enough.

   Michal




More information about the fedora-legacy-list mailing list