https://bugzilla.novell.com/show_bug.cgi?id=291551#c4
--- Comment #4 from Michael Monnerie 2007-07-13 02:58:10 MST ---
We found the problem:
The *-16 update has a dependency to automatically install the "suhosin" patch
from the hardened PHP project, and they know it:
http://bugs.php.net/bug.php?id=41846
Thanks to Christian for the workaround, but as almost everybody will have
automatic updates enabled, the problem will persist. Who defines the policy for
openSUSE? Isn't it still a Novell lead?
Anyway, could the responsible groups speak with each other to fix this? I can
imagine it's Novell, openSUSE, PHP, hardened PHP, suhosin who should work on
it. On Sunday at the latest, most openSUSE 10.2 servers will get that update, and then
hell breaks loose. :-(
And after the hint from Christian, we've looked up the Apache error log:
[Thu Jul 12 09:01:55 2007] [error] [client 1.1.1.1] ALERT - configured request
variable limit exceeded - dropped variable '1974' (attacker '2.2.2.2', file
'blabla'...
We didn't think about looking into the Apache error log; that could have saved lots
of time maybe. But I didn't imagine that log to be there, we've looked up the
PHP log, no such message there. Hopefully the suhosin patchers can change that
logging to go to the PHP log instead of the Apache error log.
thanks,
zmi
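A triage check for the kind of log line quoted in the comment above, as an added example that is not part of the original comment or of the Suhosin project: it pulls the "dropped variable" alerts out of an Apache error log and groups them by script and client, so an administrator can see which pages hit the limit after the update. The sample lines, addresses and paths are constructed, and the closing `')` after the file path is an assumption because the quoted line is cut off at that point.

```python
import re
from collections import Counter

# Constructed sample lines in the format quoted in the comment. The closing
# "')" after the file path is an assumption: the quoted line is cut off there.
SAMPLE_LOG = """\
[Thu Jul 12 09:01:55 2007] [error] [client 192.0.2.10] ALERT - configured request variable limit exceeded - dropped variable '1974' (attacker '192.0.2.10', file '/srv/www/htdocs/admin/form.php')
[Thu Jul 12 09:01:55 2007] [error] [client 192.0.2.10] ALERT - configured request variable limit exceeded - dropped variable '1975' (attacker '192.0.2.10', file '/srv/www/htdocs/admin/form.php')
[Thu Jul 12 09:02:10 2007] [error] [client 192.0.2.44] File does not exist: /srv/www/htdocs/favicon.ico
[Thu Jul 12 09:03:31 2007] [error] [client 198.51.100.7] ALERT - configured request variable limit exceeded - dropped variable 'opt[201]' (attacker '198.51.100.7', file '/srv/www/htdocs/shop/cart.php')
"""

# Matches only the alert lines; the file path is read up to its closing quote,
# so a line truncated after the path still parses.
ALERT_RE = re.compile(
    r"^\[(?P<when>[^\]]+)\] \[error\] \[client (?P<client>[^\]]+)\] "
    r"ALERT - (?P<reason>.+?) - dropped variable '(?P<var>.*?)' "
    r"\(attacker '(?P<attacker>[^']*)', file '(?P<file>[^']*)'"
)

def parse_alerts(text):
    """Return one dict per 'dropped variable' alert line; skip everything else."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.match(line)
        if m:
            alerts.append(m.groupdict())
    return alerts

def summarize(alerts):
    """Count dropped variables per (script, client), busiest pair first."""
    counts = Counter((a["file"], a["attacker"]) for a in alerts)
    first = {}
    for a in alerts:
        # Remember the first timestamp and variable name seen for each pair.
        first.setdefault((a["file"], a["attacker"]), (a["when"], a["var"]))
    return [
        {"file": f, "client": c, "dropped": n,
         "first_seen": first[(f, c)][0], "first_var": first[(f, c)][1]}
        for (f, c), n in counts.most_common()
    ]

if __name__ == "__main__":
    for row in summarize(parse_alerts(SAMPLE_LOG)):
        print("{dropped:4d}  {file}  client={client}  "
              "first={first_seen}  var={first_var}".format(**row))
```

Many drops from one internal client against a single form-heavy script point at a legitimate page exceeding the limit rather than at hostile traffic.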