[suse-security-announce] Problems with last PHP4 / PHP5 update

From: Marcus Meissner (meissner@suse.de)
Date: Tue Aug 30 2005 - 19:03:10 CEST

• Previous message: Marcus Meissner: "[suse-security-announce] SUSE Security Announcement: php4/php5 Pear::XML_RPC code injection and PCRE integer overflow problems (SUSE-SA:2005:049)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 30 Aug 2005 19:03:10 +0200
From: Marcus Meissner <meissner@suse.de>
Message-ID: <20050830170310.GA11096@suse.de>
Subject: [suse-security-announce] Problems with last PHP4 / PHP5 update

Hi,

Some hours ago we released updated PHP4 and PHP5 packages to fix
both the second Pear::XML_RPC problem and the PCRE integer overflow
problem.

The PCRE overflow fix was to just use the already fixed system pcre
library.

Since the Apache2 server includes its own version of PCRE this caused
a missmatch during linktime, where php4 compiled against the system PCRE
library now used the Apache2 PCRE library, resulting in
Segmentation faults as soon as any kind of regular expression.

This results in the updated PHP packages for following products:

- SUSE Linux Enterprise Server 9
- SUSE Linux 9.0, 9.1, 9.2 and 9.3

The PHP updates for these products have been disabled on our update
servers and the previous PHP updates have been reactivated until
we find a working fix for this problem.

We apologize for the inconviences caused.

Sincerely, Marcus Meissner (SUSE Security Team)

• application/pgp-signature attachment: stored

• Previous message: Marcus Meissner: "[suse-security-announce] SUSE Security Announcement: php4/php5 Pear::XML_RPC code injection and PCRE integer overflow problems (SUSE-SA:2005:049)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Tue Aug 30 2005 - 19:07:14 CEST