You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Michael Scheidell <sc...@secnap.net> on 2008/12/09 13:38:09 UTC

heads up: php5 security and emergency fix

Last week, a security bullet was released about security problems with 
php5 prior to version 5.2.7.
Yesterday, a major regression testing problem was fixed in 5.2.7, with 
the removal of the 5.2.7 binaries, and the emergency release of 5.2.8.

(so, if you tried to upgrade,  or are freebsd users trying to upgrade to 
5.2.7 last night, it failed)
Further, 5.2.7 (and 5.2.8) included php5-pcre libraries, so removal of 
pcre.so in ../php/extensions.ini is necessary to remove the cli error.

Last issue, for those using spamassassin sa-compile, a warning is output 
when compiling php5 5.2.8, requiring re2c version at least 13.4.

so, bottom line: if you upgraded to 5.2.7, you need to upgrade to 5.2.8, 
clean the extensions.ini file, and upgrade re2c.

for freebsd users, just sync your ports tree, and run:
pkg_delete -f php5-pcre\* (as per /usr/ports/UPDATING)
portupgrade php5 re2c

you might also want to run pkgdb -F and portupgrade php5-imap php5-zlib.



-- 
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
 > *| *SECNAP Network Security Corporation

    * Certified SNORT Integrator
    * King of Spam Filters, SC Magazine 2008
    * Information Security Award 2008, Info Security Products Guide
    * CRN Magazine Top 40 Emerging Security Vendors

_________________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r). 
For Information please see http://www.secnap.com/products/spammertrap/
_________________________________________________________________________

Re: heads up: php5 security and emergency fix

Posted by Michael Scheidell <sc...@secnap.net>.

this gets me 62 pages:

php5 5.2.7 mq bug


ram wrote:
> On Tue, 2008-12-09 at 07:38 -0500, Michael Scheidell wrote:
>   
>> Last week, a security bullet was released about security problems with 
>> php5 prior to version 5.2.7.
>> Yesterday, a major regression testing problem was fixed in 5.2.7, with 
>> the removal of the 5.2.7 binaries, and the emergency release of 5.2.8.
>>
>>     
>
> Any reference links , I tried to google. Didnt get any 
>
>   

-- 
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
 > *| *SECNAP Network Security Corporation

    * Certified SNORT Integrator
    * King of Spam Filters, SC Magazine 2008
    * Information Security Award 2008, Info Security Products Guide
    * CRN Magazine Top 40 Emerging Security Vendors


_________________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r). 
For Information please see http://www.secnap.com/products/spammertrap/
_________________________________________________________________________

Re: heads up: php5 security and emergency fix

Posted by Kai Schaetzl <ma...@conactive.com>.

Ram wrote on Wed, 10 Dec 2008 14:48:23 +0530:

> Any reference links , I tried to google. Didnt get any

php.net

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

Re: heads up: php5 security and emergency fix

Posted by ram <ra...@netcore.co.in>.

On Tue, 2008-12-09 at 07:38 -0500, Michael Scheidell wrote:
> Last week, a security bullet was released about security problems with 
> php5 prior to version 5.2.7.
> Yesterday, a major regression testing problem was fixed in 5.2.7, with 
> the removal of the 5.2.7 binaries, and the emergency release of 5.2.8.
> 

Any reference links , I tried to google. Didnt get any