PHP Attacks....

Michal Jaegermann michal at harddata.com
Wed Nov 9 21:38:39 UTC 2005


On Wed, Nov 09, 2005 at 04:19:35PM -0500, James Kosin wrote:
> > On Wed, Nov 09, 2005 at 11:22:28AM -0800, Jesse Keating wrote:
> >
> >> Does look like we need to patch this. RHEL issued an update,
> >
> >
> > Do you mean that one from August?
> > https://rhn.redhat.com/errata/RHSA-2005-748.html CAN ids between
> > that one and http://www.securityfocus.com/bid/14088/info do not
> > agree although the latest worm descriptions would suggest that
> > RHSA-2005:748-05 is the correct one.
> >
> > Michal
> 
> The CVE website states that CAN-2005-2498 is not the same as
> CAN-2005-1921; so, I think to reason; both need to be fixed if we are
> vulnerable.

Indeed.  But sources referenced in RHSA-2005:564-15, where
CAN-2005-1751 and CAN-2005-1921 are mentioned, are explicitly
marked as outdated by RHSA-2005:748-05 (CAN-2005-2498) so the latest
presumably have fixes for all these.  Source packages are somewhat
different for RHEL3 and RHEL4 so you possibly need a right fit for
FC1 and FC2.

In my earlier remarks I meant that it does not look like any fix
is needed for RH7.3, simply because the code with problems is not
there.

Yesterday's updates for FC3 also include php-4.3.11-2.8.src.rpm
(and php-5.0.4-10.5.src.rpm for FC4).

   Michal



