[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [scl.org] PHP Security Updates


I've got exactly the same problem. I'm currently in the process of installing new webservers and decided to use only php software collections from remi repo because the official ones won't get updated frequently enough to be safe. So yes, this seems to be the only option for now until the CentOS SCL team decides to do automated update builds of their SCLs.


Daniel Souvignier

IT Center
Gruppe: Linux-basierte Anwendungen
Abteilung: Systeme und Betrieb
RWTH Aachen University
Seffenter Weg 23
52074 Aachen
Tel.: +49 241 80-29267
souvignier itc rwth-aachen de

-----Original Message-----
From: sclorg-bounces redhat com [mailto:sclorg-bounces redhat com] On Behalf Of Josep Manel Andrés Moscardó
Sent: Thursday, March 8, 2018 9:16 AM
To: sclorg redhat com
Subject: Re: [scl.org] PHP Security Updates


Referring to http://mirror.centos.org/centos/7/sclo/x86_64/rh/rh-php56/
I see the last update was latest 2016, and checking the latest php 5.6 available on php.net I can see an update from last week.

So, is this what you are talking about? ..... I didn't notice....

On 07/03/18 19:17, Brian Haines wrote:
> I was wondering, what is an appropriate period to wait for security 
> updates to php versions in the software collection?
> The following article got my attention:
> https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-php-co
> uld-allow-for-arbitrary-code-execution_2018-023/
> I am using multiple versions of scl php on a server of mine and I 
> can't really use scl if only vulnerable versions of php are available.
> Is the best solution to use the remi repo to get secure software 
> collections versions of php?
> _______________________________________________
> SCLorg mailing list
> SCLorg redhat com
> https://www.redhat.com/mailman/listinfo/sclorg

Josep Manel Andrés Moscardó
Systems Engineer, IT Operations
EMBL Heidelberg
T +49 6221 387-8394

Attachment: smime.p7s
Description: S/MIME cryptographic signature

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]