You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Michael Scheidell <sc...@secnap.net> on 2008/12/09 13:38:09 UTC
heads up: php5 security and emergency fix
Last week, a security bullet was released about security problems with
php5 prior to version 5.2.7.
Yesterday, a major regression testing problem was fixed in 5.2.7, with
the removal of the 5.2.7 binaries, and the emergency release of 5.2.8.
(so, if you tried to upgrade, or are freebsd users trying to upgrade to
5.2.7 last night, it failed)
Further, 5.2.7 (and 5.2.8) included php5-pcre libraries, so removal of
pcre.so in ../php/extensions.ini is necessary to remove the cli error.
Last issue, for those using spamassassin sa-compile, a warning is output
when compiling php5 5.2.8, requiring re2c version at least 13.4.
so, bottom line: if you upgraded to 5.2.7, you need to upgrade to 5.2.8,
clean the extensions.ini file, and upgrade re2c.
for freebsd users, just sync your ports tree, and run:
pkg_delete -f php5-pcre\* (as per /usr/ports/UPDATING)
portupgrade php5 re2c
you might also want to run pkgdb -F and portupgrade php5-imap php5-zlib.
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* King of Spam Filters, SC Magazine 2008
* Information Security Award 2008, Info Security Products Guide
* CRN Magazine Top 40 Emerging Security Vendors
_________________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.secnap.com/products/spammertrap/
_________________________________________________________________________
Re: heads up: php5 security and emergency fix
Posted by Michael Scheidell <sc...@secnap.net>.
this gets me 62 pages:
php5 5.2.7 mq bug
ram wrote:
> On Tue, 2008-12-09 at 07:38 -0500, Michael Scheidell wrote:
>
>> Last week, a security bullet was released about security problems with
>> php5 prior to version 5.2.7.
>> Yesterday, a major regression testing problem was fixed in 5.2.7, with
>> the removal of the 5.2.7 binaries, and the emergency release of 5.2.8.
>>
>>
>
> Any reference links , I tried to google. Didnt get any
>
>
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* King of Spam Filters, SC Magazine 2008
* Information Security Award 2008, Info Security Products Guide
* CRN Magazine Top 40 Emerging Security Vendors
_________________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.secnap.com/products/spammertrap/
_________________________________________________________________________
Re: heads up: php5 security and emergency fix
Posted by Kai Schaetzl <ma...@conactive.com>.
Ram wrote on Wed, 10 Dec 2008 14:48:23 +0530:
> Any reference links , I tried to google. Didnt get any
php.net
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
Re: heads up: php5 security and emergency fix
Posted by ram <ra...@netcore.co.in>.
On Tue, 2008-12-09 at 07:38 -0500, Michael Scheidell wrote:
> Last week, a security bullet was released about security problems with
> php5 prior to version 5.2.7.
> Yesterday, a major regression testing problem was fixed in 5.2.7, with
> the removal of the 5.2.7 binaries, and the emergency release of 5.2.8.
>
Any reference links , I tried to google. Didnt get any