Red Hat has already issued updates and I *strongly* recommend that people
use Red Hat's version rather than yours. No offense intended, but as a
distributor of php, this is Red Hat's job.
.../Ed
Ed Wilts
Mounds View, MN, USA
mailto:[EMAIL PROTECTED]
----- Original Message -----
From: "Chris Mason" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, March 01, 2002 6:37 AM
Subject: Re: Heads up: PHP exploit
> I can build patched rpm's if anyone needs them, let me know what
> versions you need and I will build them. I have patched my own rpm but
> it's a mod_php4 rpm which might not suit everyone.
>
> Chris
>
> > I don't normally trouble the list with security announcements, but
> > this one hasn't even hit Bugtraq yet. I got wind of it via
> > departmental mail from someone who follows the snort-sigs list.
> >
> > There is a PHP problem afoot which affects POST operations in all
> > versions of PHP prior to 4.1.2. Go here for details:
> >
> > http://security.e-matters.de/advisories/012002.html
> >
> > And here for the fix:
> >
> > http://www.php.net
> >
> > I've already patched my production boxes, but there's no help yet for
> > rpm'ers, far as I know. 'file_uploads = Off' in php.ini, if you can't
> > upgrade.
> >
> > Hope this helps someone. -d
> >
> > - --
> > David Talkington
> >
> Chris Mason
> Box 340, The Valley, Anguilla
> Tel: 264-497-5670
> Fax: 264-497-8463
> [EMAIL PROTECTED]
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
