Mailinglist Archive: opensuse-security (232 mails)

Re: [suse-security] security fix fpr php4
  • From: Bob Vickers <bobv@xxxxxxxxxxxxx>
  • Date: Mon, 10 Oct 2005 10:12:52 +0100 (BST)
  • Message-id: <Pine.LNX.4.61.0510101009260.12679@xxxxxxxxxxxxxxxxxxx>
Dear Sigi,

If you type
rpm -q --changelog php4
you can find out exactly what fixes are included in your PHP package. On
my 9.3 system I see at the top of the list

* Wed Aug 31 2005 - postadal@xxxxxxx

- added security patch pcre-overflow-bug-106209.patch for internal
libpcre and statically linked against it [#114157]

* Thu Aug 25 2005 - postadal@xxxxxxx

- linked with system pcre libs [#112645]

* Tue Aug 16 2005 - postadal@xxxxxxx

- fixed XML RPC command injection (#104403, CAN-2005-2498)

* Mon Jul 04 2005 - meissner@xxxxxxx

- fixed XML RPC command injection, #94579, CAN-2005-1921

Regards,
Bob

On Sun, 9 Oct 2005, Sigi Kirchmair wrote:

> Hi,
>
> I have been told that php has a security fix and the current version
> would be 4.3.11 - for about a month now.
>
> The newest version for suse 9.3 (YOU) is 4.3.10. Am I right assuming
> that suse does not provide the newest fix yet? If that's the case why
> does it take soooooo long?
>
> I had hackers on my machine now 3 times within the last month (came
> through php) and try to do everything to keep hackers out. The first
> thing I guess is apply all security updates and one would think the
> delay for newest updates to be put on the YOU servers would only be
> days rather than weeks.
>


==============================================================
Bob Vickers R.Vickers@xxxxxxxxxxxxx
Dept of Computer Science, Royal Holloway, University of London
WWW: http://www.cs.rhul.ac.uk/home/bobv
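
Added example, not part of the original message: a shell sketch that automates the changelog check described above, reporting whether given advisory IDs appear in `rpm -q --changelog` output and in which dated entry. The function names are hypothetical and the embedded sample is constructed from the entries quoted in the message.

```shell
#!/bin/sh
# Added example. Input is the text printed by `rpm -q --changelog <pkg>`:
# headers look like "* Wed Aug 31 2005 - packager", items start with "- ".

# Constructed sample: the four php4 entries quoted in the message above.
sample_changelog() { cat <<'EOF'
* Wed Aug 31 2005 - postadal@xxxxxxx
- added security patch pcre-overflow-bug-106209.patch for internal
libpcre and statically linked against it [#114157]
* Thu Aug 25 2005 - postadal@xxxxxxx
- linked with system pcre libs [#112645]
* Tue Aug 16 2005 - postadal@xxxxxxx
- fixed XML RPC command injection (#104403, CAN-2005-2498)
* Mon Jul 04 2005 - meissner@xxxxxxx
- fixed XML RPC command injection, #94579, CAN-2005-1921
EOF
}

# changelog_ids: read a changelog on stdin, print "<ID> <Mon> <DD> <YYYY>".
# Older entries use the CAN- candidate prefix; normalise it to CVE-.
changelog_ids() {
    awk '
        /^\* / { date = $3 " " $4 " " $5; next }   # entry header: keep its date
        {
            line = $0
            while (match(line, /(CAN|CVE)-[0-9][0-9][0-9][0-9]-[0-9]+/)) {
                id = substr(line, RSTART, RLENGTH)
                sub(/^CAN/, "CVE", id)
                print id, date
                line = substr(line, RSTART + RLENGTH)
            }
        }'
}

# check_fixed ID... : print FIXED/MISSING per ID; return 1 if any is missing.
check_fixed() {
    found=$(changelog_ids); rc=0
    for want in "$@"; do
        want=$(printf '%s' "$want" | sed 's/^CAN-/CVE-/')
        hit=$(printf '%s\n' "$found" | awk -v id="$want" '$1 == id { print $2, $3, $4; exit }')
        if [ -n "$hit" ]; then echo "FIXED   $want ($hit)"
        else echo "MISSING $want"; rc=1
        fi
    done
    return $rc
}

# Real use: rpm -q --changelog php4 | check_fixed CVE-2005-2498
sample_changelog | check_fixed CAN-2005-1921 CAN-2005-2498
```

A MISSING result only means the ID is not named in the changelog: the Aug 31 entry above records its fix by patch name and bug number alone, so such fixes have to be matched by bug number instead.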

