Slashdot Mirror


PHP Security & Exploit

Anonymous Coward writes "It looks like after a few weeks of rumors, an exploit for PHP/Apache under Linux surfaced. Luckily, PHP.net has the patch ready to go. While the exploit only claims to work for PHP up to 4.0.5, php.net also releases a patch for 4.1.1, the (until yesterday) latest version of PHP. This patch makes a small edition to the part of the source code (rfc1867.c) that is used by the exploit."

1 of 28 comments

  1. How to patch major distro versions by Why+Should+I · Score: 2, Interesting

    Now I like to install PHP from source personally, but most people I know that use PHP do so on a default Red Hat 7.2 RPM install, i.e. they are running ver 4.0.6.

    So my question is: Is there a way to patch the major distro versions (i.e. rh, suse, mandrake ...) from their default versions to the secure version?

    Because if there isn't, then there are still gonna be a lot of webservers out there running insecure versions of PHP. And, if there isn't a way, then why isn't there?