security fix for php4
Hi,

I have been told that php has a security fix and the current version would be 4.3.11 - for about a month now.
The newest version for suse 9.3 (YOU) is 4.3.10. Am I right assuming that suse does not provide the newest fix yet? If that's the case why does it take soooooo long?
I had hackers on my machine now 3 times within the last month (came through php) and try to do everything to keep hackers out. The first thing I guess is apply all security updates and one would think the delay for newest updates to be put on the YOU servers would only be days rather than weeks.

Can anybody help me here?

thanks
sigi

On Sun, Oct 09, 2005 at 10:42:42PM +1300, Sigi Kirchmair wrote:
> Hi,
> I have been told that php has a security fix and the current version would be 4.3.11 - for about a month now.
> The newest version for suse 9.3 (YOU) is 4.3.10. Am I right assuming that suse does not provide the newest fix yet? If that's the case why does it take soooooo long?
> I had hackers on my machine now 3 times within the last month (came through php) and try to do everything to keep hackers out. The first thing I guess is apply all security updates and one would think the delay for newest updates to be put on the YOU servers would only be days rather than weeks.

What specific security problem? Please check our security advisories if the bug is already fixed.

We usually add only patches for the problems and do not upgrade the package version.

Ciao, Marcus

Dear Sigi,

If you type

    rpm -q --changelog php4

you can find out exactly what fixes are included in your PHP package. On my 9.3 system I see at the top of the list

* Wed Aug 31 2005 - postadal@suse.cz
- added security patch pcre-overflow-bug-106209.patch for internal libpcre and statically linked against it [#114157]
* Thu Aug 25 2005 - postadal@suse.cz
- linked with system pcre libs [#112645]
* Tue Aug 16 2005 - postadal@suse.cz
- fixed XML RPC command injection (#104403, CAN-2005-2498)
* Mon Jul 04 2005 - meissner@suse.de
- fixed XML RPC command injection, #94579, CAN-2005-1921

Regards,
Bob

On Sun, 9 Oct 2005, Sigi Kirchmair wrote:
> Hi,
> I have been told that php has a security fix and the current version would be 4.3.11 - for about a month now.
> The newest version for suse 9.3 (YOU) is 4.3.10. Am I right assuming that suse does not provide the newest fix yet? If that's the case why does it take soooooo long?
> I had hackers on my machine now 3 times within the last month (came through php) and try to do everything to keep hackers out. The first thing I guess is apply all security updates and one would think the delay for newest updates to be put on the YOU servers would only be days rather than weeks.

==============================================================
Bob Vickers                     R.Vickers@cs.rhul.ac.uk
Dept of Computer Science, Royal Holloway, University of London
WWW:    http://www.cs.rhul.ac.uk/home/bobv
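
Added example, not part of the original thread and not SUSE tooling: because fixes are backported as patches while the package version stays at 4.3.10, the changelog is the place to check for a given advisory ID. The function names (find_fix, has_fix, sample_changelog) and the placeholder ID are assumptions for illustration; the sample input is the changelog quoted in the reply above.

```shell
#!/bin/sh
# find_fix reads `rpm -q --changelog <pkg>` text on stdin and prints the
# header line (date and packager) of each entry that mentions the given ID.
# CAN-YYYY-NNNN was the candidate form of CVE-YYYY-NNNN, so both are matched.
find_fix() {
    id=$(printf '%s' "$1" | sed -e 's/^CVE-//' -e 's/^CAN-//')
    awk -v id="$id" '
        /^\* / { header = $0; next }           # new entry: remember its header
        $0 ~ ("(CVE|CAN)-" id "([^0-9]|$)") {  # whole ID only, not a prefix of a longer one
            if (header != last) print header   # report each matching entry once
            last = header
        }'
}

# Exit status 0 if the changelog on stdin records the fix, 1 if not.
has_fix() {
    [ -n "$(find_fix "$1")" ]
}

# Changelog entries as quoted in the reply above, embedded so this runs offline.
sample_changelog() {
cat <<'EOF'
* Wed Aug 31 2005 - postadal@suse.cz
- added security patch pcre-overflow-bug-106209.patch for internal libpcre and statically linked against it [#114157]
* Thu Aug 25 2005 - postadal@suse.cz
- linked with system pcre libs [#112645]
* Tue Aug 16 2005 - postadal@suse.cz
- fixed XML RPC command injection (#104403, CAN-2005-2498)
* Mon Jul 04 2005 - meissner@suse.de
- fixed XML RPC command injection, #94579, CAN-2005-1921
EOF
}

# On a live system: rpm -q --changelog php4 | find_fix CVE-2005-2498
for cve in CVE-2005-2498 CVE-2005-1921 CVE-0000-0000; do   # last ID is a placeholder
    if sample_changelog | has_fix "$cve"; then
        echo "$cve: patched in $(sample_changelog | find_fix "$cve")"
    else
        echo "$cve: no changelog entry found"
    fi
done
```

An ID that is absent from the changelog only means the packager did not record it there; entries such as the pcre patch above carry a bug number and no CVE/CAN ID.
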
participants (3)
- Bob Vickers
- Marcus Meissner
- Sigi Kirchmair