March 5th, 2002, 04:18 PM
New php issue
[27-Feb-2002] Due to a security issue found in all versions of PHP (including 3.x and 4.x), a new version of PHP has been released. Details about the security issue are available here. All users of PHP are strongly encouraged to either upgrade to PHP 4.1.2, or install the patch (available for PHP 3.0.18, 4.0.6 and 4.1.0/4.1.1).
My question is how do I install the patch? It's a gz file. Not sure how those work. Can anyone give me a hand on this?
March 5th, 2002, 04:40 PM
you are 4 days late. get onto some mailing list if you are really interested in security.
.gz says it is zip-packed (.zip in win*** world). do "gunzip filename.gz" to get the unzipped version. and read the docs how to apply it...
is it a source code patch or a binary one?
you probably better get the complete patched version (4.1.2)..... and install it over your old one.
March 5th, 2002, 06:20 PM
How would I go about that?
March 7th, 2002, 01:11 PM
but is is only available as source as far as i could see...
if you are on linux, compiling is easy on win**** - didnīt ever even try...
March 7th, 2002, 01:57 PM
Can anyone give me a hand here with an answer?
March 7th, 2002, 02:09 PM
download the .tar.gz file.
login as root, copy it to your /root directory.
type "tar xvzf <filename>"
cd to the new dir that was created
type "./configure" (read the README for the parameters to supply if you want apache-module and how to compile in mySQL and other stuff you might need)
if you get no errors, type "make".
if this gives you no errors either, you should end up with a "mod_php.so" or similar in one of the dirs.
copy this to /usr/lib/apache (or the location your old mod_php.so is at)
this should do the job. it is probably not as easy as it seems, but since there is no binary available yet, itīs the only way around disabling PHP completely......
i did not test this since i donīt have linux around at home. if you have further questions, ask again. i am sure there is ppl on this board that did this step already and can supply the exact way...
March 7th, 2002, 02:11 PM
See this thread in another forum: http://www.tek-tips.com/gviewthread....434/qid/221223
Also, this security breach deals with PHP's file upload functionality. If you don't need file uploads, you can just disable that feature in php.ini, and you will be safe again. That's the quickest fix for now, until you are ready to deal with an upgrade.
file_uploads = On
file_uploads = Off