PHP Vulnerability Notification
Bill McGonigle
bill at bfccomputing.com
Mon Dec 27 15:43:01 EST 2004
On Dec 23, 2004, at 12:11 PM, Jonathan Linowes wrote:
> fyi, I just got this from my ISP:
>
>> If you currently use PHP (versions prior to 4.3.10), you may be
>> susceptible to a vulnerability through the "unserialize" function.
>> This could allow a remote user access to your web server content. If
>> you are using an older version of PHP, we strongly recommend that you
>> upgrade as soon as possible.
>> To upgrade to PHP 4.3.10, ....
In case anyone here needs a quick upgrade script, here's what I used to
upgrade my Apache 1.3/PHP 4 setup (I use it for SquirrelMail only;
assumes current apache and php source trees are below current folder):
-Bill
-----
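#!/bin/tcsh
# Run from the folder that holds the apache_1.3.33 and php-4.3.10 source trees.

# Configure Apache once so PHP's --with-apache can find a prepared tree.
cd apache_1.3.33
make distclean
./configure
cd ..

# Build PHP as a static Apache module and install it into the Apache tree.
cd php-4.3.10
./configure --with-config-file-path=/usr/local/php/php.ini \
--enable-force-cgi-redirect \
--with-ldap \
--enable-track-vars \
--with-gettext \
--with-openssl \
--with-apache=../apache_1.3.33
make && sudo make install
cd ..

# Reconfigure Apache with the PHP module linked in, then build and install.
cd apache_1.3.33
./configure --prefix=/usr/local/apache-php \
--activate-module=src/modules/php4/libphp4.a \
--enable-module=rewrite --enable-module=proxy \
--enable-module=digest \
--server-uid=apache --server-gid=apache
make && sudo make install
cd ..

# Install the recommended php.ini template for editing.
sudo mkdir -p /usr/local/php
sudo cp php-4.3.10/php.ini-recommended /usr/local/php
echo
echo "Now configure /usr/local/php/php.ini-recommended"
echo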
-----
Bill McGonigle, Owner Work: 603.448.4440
BFC Computing, LLC Home: 603.448.1668
bill at bfccomputing.com Cell: 603.252.2606
http://www.bfccomputing.com/ Text: bill+text at bfccomputing.com
AIM: wpmcgonigle Skype: bill_mcgonigle
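
A way to confirm after the rebuild that a host no longer reports a PHP older than 4.3.10, added here as an example and not part of the original post. The function names and the sample banner lines are assumptions made for illustration, and the check encodes only the 4.3.10 threshold stated in the quoted notice.

```shell
#!/bin/sh
# Added example, not part of the original post.
FIXED_VERSION="4.3.10"   # first fixed release, as stated in the quoted notice

# extract_php_version TEXT: print the PHP version found in a `php -v` line
# or in an Apache "Server:" header; print nothing if none is present.
extract_php_version() {
    printf '%s\n' "$1" | sed -n 's|.*PHP[/ ]\([0-9][0-9.]*\).*|\1|p' | head -n 1
}

# version_lt A B: return 0 if dotted version A is older than B.
# Fields are compared as integers, so 4.3.9 sorts before 4.3.10 (a string
# comparison gets this wrong). Missing fields count as 0.
version_lt() {
    vl_i=1
    while [ "$vl_i" -le 3 ]; do
        vl_a=$(printf '%s..' "$1" | cut -d. -f"$vl_i" | sed 's/[^0-9].*$//')
        vl_b=$(printf '%s..' "$2" | cut -d. -f"$vl_i" | sed 's/[^0-9].*$//')
        vl_a=${vl_a:-0}
        vl_b=${vl_b:-0}
        if [ "$vl_a" -lt "$vl_b" ]; then return 0; fi
        if [ "$vl_a" -gt "$vl_b" ]; then return 1; fi
        vl_i=$((vl_i + 1))
    done
    return 1    # equal versions are not "older"
}

# php_status TEXT: print "upgrade", "ok" or "unknown" for one banner line.
php_status() {
    ps_ver=$(extract_php_version "$1")
    if [ -z "$ps_ver" ]; then
        echo "unknown"
    elif version_lt "$ps_ver" "$FIXED_VERSION"; then
        echo "upgrade"
    else
        echo "ok"
    fi
}

# Constructed sample banners (assumed formats, not captured from a real host).
for banner in \
    "Server: Apache/1.3.33 (Unix) PHP/4.3.9 mod_ssl/2.8.22" \
    "PHP 4.3.10 (cli) (built: Dec 27 2004 12:00:00)" \
    "Server: Apache/1.3.33 (Unix)"
do
    printf '%-8s %s\n' "$(php_status "$banner")" "$banner"
done
```

An "unknown" result means the banner carried no PHP version at all, so it says nothing about whether the module is patched.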