All,
A few weeks ago some major security holes were announced in regards to the PHP packages. Was there an update I missed? I see the current version on a system I am running it on is php-5.0.4-10.5.
******************************************************************************* Gilbert Sebenste ******** (My opinions only!) ****** *******************************************************************************
On Sat, 2005-12-03 at 00:46 -0600, Gilbert Sebenste wrote:
A few weeks ago some major security holes were announced in regards to the PHP packages. Was there an update I missed? I see the current version on a system I am running it on is php-5.0.4-10.5.
I'm not sure exactly if these are the security issues you refer to, but the RPM's changelog for php-5.0.4-10.5 says:
* Fri Nov 04 2005 Joe Orton jorton@redhat.com 5.0.4-10.5 - add security fixes from upstream: * XSS issues in phpinfo() (CVE-2005-3388, #172212) * GLOBALS handling (CVE-2005-3390, #172207) * parse_str() enabling register_globals (CVE-2005-3389, #172209) * exif: infinite recursion on corrupt JPEG (CVE-2005-3353) - add unserializer fix for x86_64 (upstream #34435)