Thread: New php issue

    #1
    [27-Feb-2002] Due to a security issue found in all versions of PHP (including 3.x and 4.x), a new version of PHP has been released. Details about the security issue are available here. All users of PHP are strongly encouraged to either upgrade to PHP 4.1.2, or install the patch (available for PHP 3.0.18, 4.0.6 and 4.1.0/4.1.1).

    My question is how do I install the patch? It's a gz file. Not sure how those work. Can anyone give me a hand on this?

    #2
    you are 4 days late. get onto some mailing list if you are really interested in security.

    .gz says it is zip-packed (.zip in win*** world). do "gunzip filename.gz" to get the unzipped version. and read the docs how to apply it...

    is it a source code patch or a binary one?

    you probably better get the complete patched version (4.1.2)..... and install it over your old one.

    #3
    Originally posted by M.Hirsch
    you probably better get the complete patched version (4.1.2)..... and install it over your old one.
    How would I go about that?

    #4
    http://www.php.net/downloads.php

    but it is only available as source as far as i could see...
    if you are on linux, compiling is easy; on win**** - didn't ever even try...

    #5
    Can anyone give me a hand here with an answer?

    #6
    ok, step-by-step:

    download the .tar.gz file.
    login as root, copy it to your /root directory.
    type "tar xvzf <filename>"
    cd to the new dir that was created
    type "./configure" (read the README for the parameters to supply if you want apache-module and how to compile in mySQL and other stuff you might need)
    if you get no errors, type "make".
    if this gives you no errors either, you should end up with a "mod_php.so" or similar in one of the dirs.
    copy this to /usr/lib/apache (or the location your old mod_php.so is at)

    this should do the job. it is probably not as easy as it seems, but since there is no binary available yet, it's the only way around disabling PHP completely......

    i did not test this since i don't have linux around at home. if you have further questions, ask again. i am sure there is ppl on this board that did this step already and can supply the exact way...

    see ya,
    M.Hirsch

    #7
    See this thread in another forum: http://www.tek-tips.com/gviewthread....434/qid/221223

    Also, this security breach deals with PHP's file upload functionality. If you don't need file uploads, you can just disable that feature in php.ini, and you will be safe again. That's the quickest fix for now, until you are ready to deal with an upgrade.

    Just change:

    file_uploads = On

    to

    file_uploads = Off
    The real n-tier system:

    FreeBSD -> PostgreSQL -> [any_language] -> Apache -> Mozilla/XUL

    Amazon wishlist -- rycamor (at) gmail.com
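
Added example, not part of the original thread: a shell script that reports the effective `file_uploads` setting in a php.ini file and applies the On-to-Off change described in post #7. The function names and the sample php.ini are constructed for illustration; the path of the real php.ini is supplied by the caller.

```shell
#!/bin/sh
# Added example (not from the thread): check and apply the file_uploads
# workaround in a php.ini file. The file path is supplied by the caller.

# Print the effective setting: "on", "off", or "on (default)" when unset.
file_uploads_state() {
    # Last uncommented assignment wins; drop any trailing ";" comment.
    line=$(sed -n 's/^[[:space:]]*file_uploads[[:space:]]*=\([^;]*\).*$/=\1/p' "$1" | tail -n 1)
    if [ -z "$line" ]; then
        echo "on (default)"     # PHP enables uploads when nothing is set
        return 0
    fi
    val=$(printf '%s' "${line#=}" | tr -d "\"' \t\r" | tr '[:upper:]' '[:lower:]')
    case $val in
        0|off|false|no|none|'') echo "off" ;;
        *)                      echo "on" ;;   # fail safe: anything else counts as on
    esac
}

# Rewrite every uncommented file_uploads line to Off, keeping a .bak copy.
# Returns non-zero if the result is still not "off" (e.g. directive absent).
disable_file_uploads() {
    cp "$1" "$1.bak" || return 1
    sed 's/^\([[:space:]]*file_uploads[[:space:]]*=\).*$/\1 Off/' "$1.bak" > "$1" || return 1
    [ "$(file_uploads_state "$1")" = "off" ]
}

# Constructed sample php.ini, used only to demonstrate the two functions.
demo() {
    ini=$(mktemp) || return 1
    cat > "$ini" <<'EOF'
[PHP]
; file_uploads = Off   (commented out, so it has no effect)
file_uploads = On      ; shipped setting
upload_max_filesize = 2M
EOF
    echo "before: $(file_uploads_state "$ini")"
    disable_file_uploads "$ini"
    echo "after:  $(file_uploads_state "$ini")"
    rm -f "$ini" "$ini.bak"
}
demo
```

With PHP loaded as an Apache module, php.ini is read when the server starts, so restart Apache after the change and confirm the value in the `phpinfo()` output.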
