[scl.org] PHP Security Updates

Souvignier, Daniel Souvignier at itc.rwth-aachen.de
Thu Mar 8 08:28:59 UTC 2018


Hi,

I've got exactly the same problem. I'm currently in the process of installing new webservers and decided to use only PHP software collections from the remi repo because the official ones won't get updated frequently enough to be safe. So yes, this seems to be the only option for now until the CentOS SCL team decides to do automated update builds of their SCLs.

Regards,
Daniel 

--
Daniel Souvignier

IT Center
Gruppe: Linux-basierte Anwendungen
Abteilung: Systeme und Betrieb
RWTH Aachen University
Seffenter Weg 23
52074 Aachen
Tel.: +49 241 80-29267
souvignier at itc.rwth-aachen.de
www.itc.rwth-aachen.de

-----Original Message-----
From: sclorg-bounces at redhat.com [mailto:sclorg-bounces at redhat.com] On Behalf Of Josep Manel Andrés Moscardó
Sent: Thursday, March 8, 2018 9:16 AM
To: sclorg at redhat.com
Subject: Re: [scl.org] PHP Security Updates

Hi,

Referring to http://mirror.centos.org/centos/7/sclo/x86_64/rh/rh-php56/
I see the last update was latest 2016, and checking the latest php 5.6 available on php.net I can see an update from last week.

So, is this what you are talking about? ..... I didn't notice....


On 07/03/18 19:17, Brian Haines wrote:
> I was wondering, what is an appropriate period to wait for security 
> updates to php versions in the software collection?
>
> The following article got my attention:
> https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-php-could-allow-for-arbitrary-code-execution_2018-023/
>
>
> I am using multiple versions of scl php on a server of mine and I 
> can't really use scl if only vulnerable versions of php are available.
>
> Is the best solution to use the remi repo to get secure software 
> collections versions of php?

--
Josep Manel Andrés Moscardó
Systems Engineer, IT Operations
EMBL Heidelberg
T +49 6221 387-8394

