 | View Full Version : Heads up -- Apache/PHP vulnerability ScottD 02-27-2002, 12:04 PM http://security.e-matters.de/advisories/012002.html Just received a pointer to this from the FreeBSD security mailing list. It apparently affects all OS's. T_E_O 02-27-2002, 12:28 PM Hi Scott, Thanks for bringing it under my attention ! BTW, I'm starting my hosting company next week or so and when I get into a little easier water I'll post my kernel patches on your board :) zupanm 02-27-2002, 12:33 PM thats why 4.1.2 came out ScottD 02-27-2002, 12:37 PM T_E_O, congrats on your hosting company! I hope everything is working to your liking now. Can't wait to see what you've done as I've been unable to do much of anything for the last couple of weeks. Zupanm, yes, 4.1.2 was released today to patch this vulnerability. From www.php.net[27-Feb-2002] Due to a security issue found in all versions of PHP (including 3.x and 4.x), a new version of PHP has been released. Details about the security issue are available here. All users of PHP are strongly encouraged to either upgrade to PHP 4.1.2, or install the patch (available for PHP 3.0.18, 4.0.6 and 4.1.0/4.1.1). DigitalXWeb 02-27-2002, 01:07 PM Originally posted by DizixCom T_E_O, congrats on your hosting company! I hope everything is working to your liking now. Can't wait to see what you've done as I've been unable to do much of anything for the last couple of weeks. Zupanm, yes, 4.1.2 was released today to patch this vulnerability. From www.php.net Thanks for the heads up Scott.. Congrats on getting everything working T_E_O.. I have been fairly tied up with things as well and kind of put the project on the back burner for now, but would definitely like to see what you have accomplished. cabalstudios 02-27-2002, 02:12 PM Thanks for the info mate, got loads of server(s) to update then blah!! You make my life so hard :pimp: nuno 02-27-2002, 02:23 PM oh :eek: thx Scott joethong 02-27-2002, 03:47 PM Hi, I also noticed this news when I went to PHP website few hours ago. The first thing I did is to download the patch for 4.0.6. I tried to patch it against the PHP source code but it was complaining an error on line 36 in the patch file. Hmmm.. Anyone who has sucessfully patched it? Upgrading to either 4.1.2 or 4.2.0-dev is not an option for me since we have some old codes on the server. Later. Joe |