Absolutely right, and it was only after I offered I got the redhat notice. Forget I offered, folks.
Chris Mason [EMAIL PROTECTED] Box 340, The Valley, Anguilla, British West Indies Tel: 264 497 5670 Fax: 264 497 8463 Take a virtual tour of the island http://www.anguillaguide.com/ The Anguilla Guide Find your perfect rental villa www.mycaribbean.com Talk to me in real time: MSN Instant Messenger: [EMAIL PROTECTED] ICQ 118159388 Yahoo:netconcepts_anguilla US Fax and Voicemail: (605)253-1759 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ed Wilts Sent: Friday, March 01, 2002 8:47 AM To: [EMAIL PROTECTED] Subject: Re: Heads up: PHP exploit Red Hat has already issued updates and I *strongly* recommend that people use Red Hat's version rather than yours. No offense intended, but as a distributor of php, this is Red Hat's job. .../Ed Ed Wilts Mounds View, MN, USA mailto:[EMAIL PROTECTED] ----- Original Message ----- From: "Chris Mason" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, March 01, 2002 6:37 AM Subject: Re: Heads up: PHP exploit > I can build patched rpm's if anyone needs them, let me know what > versions you need and I will build them. I have patched my own rpm but > it's a mod_php4 rpm which might not suit everyone. > > Chris > > > I don't normally trouble the list with security announcements, but > > this one hasn't even hit Bugtraq yet. I got wind of it via > > departmental mail from someone who follows the snort-sigs list. > > > > There is a PHP problem afoot which affects POST operations in all > > versions of PHP prior to 4.1.2. Go here for details: > > > > http://security.e-matters.de/advisories/012002.html > > > > And here for the fix: > > > > http://www.php.net > > > > I've already patched my production boxes, but there's no help yet for > > rpm'ers, far as I know. 'file_uploads = Off' in php.ini, if you can't > > upgrade. > > > > Hope this helps someone. -d > > > > - -- > > David Talkington > > > Chris Mason > Box 340, The Valley, Anguilla > Tel: 264-497-5670 > Fax: 264-497-8463 > [EMAIL PROTECTED] _______________________________________________ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list _______________________________________________ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
