Atomic Secure Linux

All times are UTC - 5 hours [ DST ]




 Post subject: PHP 5.3.12 and PHP 5.4.2 released
Posted: Fri May 04, 2012 5:09 am
Long Time Forum Regular
Quote:
There is a vulnerability in certain CGI-based setups (Apache+mod_php and nginx+php-fpm are not affected) that has gone unnoticed for at least 8 years.


http://www.php.net/archive/2012.php#id2012-05-03-1

I see 5.3.12 is already built for atomic: https://twitter.com/atomicturtle/status ... 4815770624

_________________
Lemonbit Internet Dedicated Server Management


 Post subject: Re: PHP 5.3.12 and PHP 5.4.2 released
Posted: Fri May 04, 2012 11:24 am
Long Time Forum Regular
The 64-bit php-5.3.12-5.el5.art packages seem to depend on 32-bit packages:

Code:
# yum update php\*
Loaded plugins: allowdowngrade, changelog, fastestmirror, merge-conf, security
Loading mirror speeds from cached hostfile
 * atomic: www7.atomicorp.com
 * base: centos.mirror.transip.nl
 * epel: ftp.nluug.nl
 * extras: centos.mirror.transip.nl
 * rpmforge: archive.cs.uu.nl
 * updates: centos.mirror.transip.nl
Excluding Packages from CentOS / Red Hat Enterprise Linux 5 - atomicrocketturtle.com
Finished
Reducing ATrpms - x86_64 to included packages only
Finished
Excluding Packages from Extra Packages for Enterprise Linux 5 - x86_64
Finished
Reducing RHEL 5 - RPMforge.net - dag to included packages only
Finished
Skipping security plugin, no data
Setting up Update Process
Resolving Dependencies
Skipping security plugin, no data
--> Running transaction check
--> Processing Dependency: php = 5.3.10 for package: php-eaccelerator
---> Package php.x86_64 0:5.3.12-5.el5.art set to be updated
---> Package php-bcmath.x86_64 0:5.3.12-5.el5.art set to be updated
--> Processing Dependency: php-cli = 5.3.10-5.el5.art for package: php
---> Package php-cli.x86_64 0:5.3.12-5.el5.art set to be updated
--> Processing Dependency: php-common = 5.3.10-5.el5.art for package: php-cli
--> Processing Dependency: php-common = 5.3.10-5.el5.art for package: php
---> Package php-common.x86_64 0:5.3.12-5.el5.art set to be updated
---> Package php-devel.x86_64 0:5.3.12-5.el5.art set to be updated
---> Package php-gd.x86_64 0:5.3.12-5.el5.art set to be updated
---> Package php-imap.x86_64 0:5.3.12-5.el5.art set to be updated
---> Package php-mbstring.x86_64 0:5.3.12-5.el5.art set to be updated
---> Package php-mcrypt.x86_64 0:5.3.12-5.el5.art set to be updated
---> Package php-mysql.x86_64 0:5.3.12-5.el5.art set to be updated
---> Package php-pdo.x86_64 0:5.3.12-5.el5.art set to be updated
---> Package php-soap.x86_64 0:5.3.12-5.el5.art set to be updated
---> Package php-xml.x86_64 0:5.3.12-5.el5.art set to be updated
--> Running transaction check
---> Package php.i386 0:5.3.10-5.el5.art set to be updated
--> Processing Dependency: libm.so.6(GLIBC_2.1) for package: php
--> Processing Dependency: libc.so.6(GLIBC_2.4) for package: php
--> Processing Dependency: libgssapi_krb5.so.2 for package: php
--> Processing Dependency: libm.so.6(GLIBC_2.0) for package: php
--> Processing Dependency: libbz2.so.1 for package: php
--> Processing Dependency: libdl.so.2(GLIBC_2.1) for package: php
--> Processing Dependency: libc.so.6(GLIBC_2.1.3) for package: php
--> Processing Dependency: libnsl.so.1 for package: php
--> Processing Dependency: libm.so.6 for package: php
--> Processing Dependency: libc.so.6(GLIBC_2.2) for package: php
--> Processing Dependency: libgmp.so.3 for package: php
--> Processing Dependency: libncurses.so.5 for package: php
--> Processing Dependency: libz.so.1 for package: php
--> Processing Dependency: libc.so.6(GLIBC_2.1) for package: php
--> Processing Dependency: libc.so.6 for package: php
--> Processing Dependency: libpthread.so.0(GLIBC_2.0) for package: php
--> Processing Dependency: libedit.so.0 for package: php
--> Processing Dependency: libpthread.so.0 for package: php
--> Processing Dependency: libc.so.6(GLIBC_2.3) for package: php
--> Processing Dependency: libdl.so.2 for package: php
--> Processing Dependency: libcrypt.so.1 for package: php
--> Processing Dependency: libc.so.6(GLIBC_2.3.4) for package: php
--> Processing Dependency: libk5crypto.so.3 for package: php
--> Processing Dependency: libc.so.6(GLIBC_2.2.3) for package: php
--> Processing Dependency: libssl.so.6 for package: php
--> Processing Dependency: libc.so.6(GLIBC_2.1.2) for package: php
--> Processing Dependency: libcom_err.so.2 for package: php
--> Processing Dependency: libcrypto.so.6 for package: php
--> Processing Dependency: libc.so.6(GLIBC_2.0) for package: php
--> Processing Dependency: librt.so.1 for package: php
--> Processing Dependency: libxml2.so.2 for package: php
--> Processing Dependency: libpthread.so.0(GLIBC_2.2) for package: php
--> Processing Dependency: libdl.so.2(GLIBC_2.0) for package: php
--> Processing Dependency: libkrb5.so.3 for package: php
---> Package php-cli.i386 0:5.3.10-5.el5.art set to be updated
---> Package php-common.i386 0:5.3.10-5.el5.art set to be updated
--> Processing Dependency: libcurl.so.3 for package: php-common
--> Processing Dependency: libidn.so.11 for package: php-common
--> Running transaction check
---> Package bzip2-libs.i386 0:1.0.3-6.el5_5 set to be updated
---> Package curl.i386 0:7.15.5-15.el5 set to be updated
---> Package e2fsprogs-libs.i386 0:1.39-33.el5 set to be updated
--> Processing Dependency: libdevmapper.so.1.02 for package: e2fsprogs-libs
---> Package glibc.i686 0:2.5-81.el5_8.2 set to be updated
---> Package gmp.i386 0:4.1.4-10.el5 set to be updated
--> Processing Dependency: libgcc_s.so.1 for package: gmp
--> Processing Dependency: libstdc++.so.6(CXXABI_1.3) for package: gmp
--> Processing Dependency: libgcc_s.so.1(GCC_3.0) for package: gmp
--> Processing Dependency: libstdc++.so.6 for package: gmp
--> Processing Dependency: libstdc++.so.6(GLIBCXX_3.4) for package: gmp
---> Package krb5-libs.i386 0:1.6.1-70.el5 set to be updated
--> Processing Dependency: libkeyutils.so.1 for package: krb5-libs
--> Processing Dependency: libselinux.so.1 for package: krb5-libs
--> Processing Dependency: libkeyutils.so.1(KEYUTILS_0.3) for package: krb5-libs
---> Package libedit.i386 0:3.0-2.20090923cvs.el5.art set to be updated
---> Package libidn.i386 0:0.6.5-1.1 set to be updated
---> Package libxml2.i386 0:2.6.26-2.1.15.el5_8.2 set to be updated
---> Package ncurses.i386 0:5.5-24.20060715 set to be updated
---> Package openssl.i686 0:0.9.8e-22.el5_8.3 set to be updated
---> Package zlib.i386 0:1.2.3-4.el5 set to be updated
--> Running transaction check
---> Package device-mapper.i386 0:1.02.67-2.el5 set to be updated
--> Processing Dependency: libsepol.so.1 for package: device-mapper
---> Package keyutils-libs.i386 0:1.2-1.el5 set to be updated
---> Package libgcc.i386 0:4.1.2-52.el5 set to be updated
---> Package libselinux.i386 0:1.33.4-5.7.el5 set to be updated
---> Package libstdc++.i386 0:4.1.2-52.el5 set to be updated
--> Running transaction check
---> Package libsepol.i386 0:2.0.36-1.el5.art set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

========================================================================================================================
 Package                      Arch                 Version                                  Repository             Size
========================================================================================================================
Updating:
 php                          x86_64               5.3.12-5.el5.art                         atomic                2.8 M
 php-bcmath                   x86_64               5.3.12-5.el5.art                         atomic                 40 k
 php-cli                      x86_64               5.3.12-5.el5.art                         atomic                2.6 M
 php-common                   x86_64               5.3.12-5.el5.art                         atomic                1.0 M
 php-devel                    x86_64               5.3.12-5.el5.art                         atomic                1.3 M
 php-gd                       x86_64               5.3.12-5.el5.art                         atomic                208 k
 php-imap                     x86_64               5.3.12-5.el5.art                         atomic                 88 k
 php-mbstring                 x86_64               5.3.12-5.el5.art                         atomic                2.3 M
 php-mcrypt                   x86_64               5.3.12-5.el5.art                         atomic                 47 k
 php-mysql                    x86_64               5.3.12-5.el5.art                         atomic                 95 k
 php-pdo                      x86_64               5.3.12-5.el5.art                         atomic                119 k
 php-soap                     x86_64               5.3.12-5.el5.art                         atomic                278 k
 php-xml                      x86_64               5.3.12-5.el5.art                         atomic                225 k
Installing for dependencies:
 bzip2-libs                   i386                 1.0.3-6.el5_5                            base                   37 k
 curl                         i386                 7.15.5-15.el5                            base                  235 k
 device-mapper                i386                 1.02.67-2.el5                            base                  799 k
 e2fsprogs-libs               i386                 1.39-33.el5                              base                  120 k
 glibc                        i686                 2.5-81.el5_8.2                           updates               5.3 M
 gmp                          i386                 4.1.4-10.el5                             base                  664 k
 keyutils-libs                i386                 1.2-1.el5                                base                   18 k
 krb5-libs                    i386                 1.6.1-70.el5                             base                  669 k
 libedit                      i386                 3.0-2.20090923cvs.el5.art                atomic                 80 k
 libgcc                       i386                 4.1.2-52.el5                             base                   97 k
 libidn                       i386                 0.6.5-1.1                                base                  194 k
 libselinux                   i386                 1.33.4-5.7.el5                           base                   77 k
 libsepol                     i386                 2.0.36-1.el5.art                         atomic                129 k
 libstdc++                    i386                 4.1.2-52.el5                             base                  363 k
 libxml2                      i386                 2.6.26-2.1.15.el5_8.2                    updates               797 k
 ncurses                      i386                 5.5-24.20060715                          base                  1.1 M
 openssl                      i686                 0.9.8e-22.el5_8.3                        updates               1.5 M
 php                          i386                 5.3.10-5.el5.art                         atomic                2.7 M
 php-cli                      i386                 5.3.10-5.el5.art                         atomic                2.6 M
 php-common                   i386                 5.3.10-5.el5.art                         atomic                992 k
 zlib                         i386                 1.2.3-4.el5                              base                   51 k

Transaction Summary
========================================================================================================================
Install      21 Package(s)
Upgrade      13 Package(s)

Total download size: 30 M
Is this ok [y/N]:

_________________
Lemonbit Internet Dedicated Server Management


 Post subject: Re: PHP 5.3.12 and PHP 5.4.2 released
Posted: Fri May 04, 2012 3:34 pm
Long Time Forum Regular
Ah, I guess that php-eaccelerator wasn't built for 5.3.12 yet, it's working fine now.

_________________
Lemonbit Internet Dedicated Server Management
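
Added example, not part of the original posts: a small Python parser for yum's dependency-resolution output that reports packages queued in two versions at once and the requirer that pins the older one. The sample lines are a constructed excerpt in the format of the output quoted above; treating a requirer with an exact-version pin that is not itself queued as the blocker is a heuristic assumed here.

```python
import re

# Constructed excerpt in the format of the yum output quoted in the thread.
SAMPLE = """\
--> Processing Dependency: php = 5.3.10 for package: php-eaccelerator
---> Package php.x86_64 0:5.3.12-5.el5.art set to be updated
--> Processing Dependency: php-cli = 5.3.10-5.el5.art for package: php
---> Package php-cli.x86_64 0:5.3.12-5.el5.art set to be updated
--> Processing Dependency: php-common = 5.3.10-5.el5.art for package: php-cli
---> Package php-common.x86_64 0:5.3.12-5.el5.art set to be updated
---> Package php.i386 0:5.3.10-5.el5.art set to be updated
--> Processing Dependency: libz.so.1 for package: php
---> Package php-cli.i386 0:5.3.10-5.el5.art set to be updated
"""

PKG = re.compile(r"^---> Package (\S+)\.(\w+) (?:\d+:)?(\S+) set to be")
DEP = re.compile(r"^--> Processing Dependency: (\S+) = (\S+) for package: (\S+)")

def ver(s):
    """Upstream version as an int tuple: '5.3.10-5.el5.art' -> (5, 3, 10)."""
    return tuple(int(p) for p in re.findall(r"\d+", s.split("-")[0]))

def analyse(output):
    """Return (stale builds per package, requirers holding them back)."""
    queued, pins = {}, []
    for line in output.splitlines():
        if m := PKG.match(line):
            name, arch, version = m.groups()
            queued.setdefault(name, set()).add((ver(version), arch))
        elif m := DEP.match(line):  # only exact "name = version" requirements
            target, version, requirer = m.groups()
            pins.append((target, ver(version), requirer))
    # A package queued in two versions at once: the older build is the stale copy.
    stale = {}
    for name, builds in queued.items():
        newest = max(v for v, _ in builds)
        old = sorted((v, a) for v, a in builds if v < newest)
        if old:
            stale[name] = old
    # Heuristic: a requirer that pins a stale version and is not itself queued
    # for update is what forces the old build into the transaction.
    blockers = sorted({r for t, v, r in pins if r not in queued
                       and any(v == sv for sv, _ in stale.get(t, []))})
    return stale, blockers

if __name__ == "__main__":
    s, b = analyse(SAMPLE)
    print("old builds still queued:", s)
    print("pinned by:", b)
```

After a security update, an old build reappearing in the transaction under another architecture is worth checking before answering `y`, since the unpatched binaries would be installed alongside the fixed ones.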


 Post subject: Re: PHP 5.3.12 and PHP 5.4.2 released
Posted: Fri May 04, 2012 6:30 pm
Atomicorp Staff - Site Admin
Quote:
There is a vulnerability in certain CGI-based setups (Apache+mod_php and nginx+php-fpm are not affected) that has gone unnoticed for at least 8 years.


http://www.php.net/archive/2012.php#id2012-05-03-1


ASL and real time rules users are immune to this vulnerability.

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.

