Dear Sigi,

If you type

    rpm -q --changelog php4

you can find out exactly what fixes are included in your PHP package. On my 9.3 system I see at the top of the list

* Wed Aug 31 2005 - postadal@suse.cz
- added security patch pcre-overflow-bug-106209.patch for internal libpcre
  and statically linked against it [#114157]
* Thu Aug 25 2005 - postadal@suse.cz
- linked with system pcre libs [#112645]
* Tue Aug 16 2005 - postadal@suse.cz
- fixed XML RPC command injection (#104403, CAN-2005-2498)
* Mon Jul 04 2005 - meissner@suse.de
- fixed XML RPC command injection, #94579, CAN-2005-1921

Regards,
Bob

On Sun, 9 Oct 2005, Sigi Kirchmair wrote:

> Hi,
>
> I have been told that PHP has a security fix and the current version would be 4.3.11 - for about a month now.
>
> The newest version for SUSE 9.3 (YOU) is 4.3.10. Am I right in assuming that SUSE does not provide the newest fix yet? If that's the case, why does it take soooooo long?
>
> I have had hackers on my machine 3 times now within the last month (they came through PHP) and am trying to do everything to keep hackers out. The first thing, I guess, is to apply all security updates, and one would think the delay for the newest updates to be put on the YOU servers would only be days rather than weeks.

==============================================================
Bob Vickers                     R.Vickers@cs.rhul.ac.uk
Dept of Computer Science, Royal Holloway, University of London
WWW:    http://www.cs.rhul.ac.uk/home/bobv
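
The changelog check described in the reply above, as an added example that is not part of the original message: it lists the CVE/CAN identifiers recorded in an RPM changelog, so a backported fix can be confirmed even though the package version stays at 4.3.10. The function names are hypothetical, and the sample input is constructed from the entries quoted in the message, with their line breaks assumed.

```shell
#!/bin/sh
# Added example. Real use:
#   rpm -q --changelog php4 | changelog_has_id CVE-2005-2498 && echo "fix recorded"

# Constructed sample: the changelog entries quoted in the message.
sample_changelog() {
    cat <<'EOF'
* Wed Aug 31 2005 - postadal@suse.cz
- added security patch pcre-overflow-bug-106209.patch for internal libpcre
  and statically linked against it [#114157]
* Thu Aug 25 2005 - postadal@suse.cz
- linked with system pcre libs [#112645]
* Tue Aug 16 2005 - postadal@suse.cz
- fixed XML RPC command injection (#104403, CAN-2005-2498)
* Mon Jul 04 2005 - meissner@suse.de
- fixed XML RPC command injection, #94579, CAN-2005-1921
EOF
}

# Read a changelog on stdin; print "<entry date><TAB><id>" for every
# CVE-/CAN- identifier found in the body of each entry.
changelog_ids() {
    awk '
        /^\* / {                              # entry header: "* Day Mon DD YYYY - packager"
            date = $2 " " $3 " " $4 " " $5
            next
        }
        {
            line = $0
            while (match(line, /(CVE|CAN)-[0-9][0-9][0-9][0-9]-[0-9]+/)) {
                print date "\t" substr(line, RSTART, RLENGTH)
                line = substr(line, RSTART + RLENGTH)   # keep scanning the rest of the line
            }
        }
    '
}

# Succeed if the changelog on stdin records the given identifier.
# CAN- candidates kept their number when renamed CVE-, so compare the
# numeric part only.
changelog_has_id() {
    want=${1#CVE-}
    want=${want#CAN-}
    changelog_ids | cut -f2 | sed 's/^C..-//' | grep -qx "$want"
}

# Stand-alone run: show what the sample changelog records.
sample_changelog | changelog_ids
```

A miss is not proof that a fix is absent: the pcre entry in the sample carries only a bug number, so such patches have to be matched by patch name or bug number instead.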