PHP 5.3.13 and 5.4.3 released

breun · **Posted:** Tue May 08, 2012 6:17 pm

Quote:

The releases complete a fix for a vulnerability in CGI-based setups (CVE-2012-2311). Note: mod_php and php-fpm are not vulnerable to this attack.

PHP 5.4.3 fixes a buffer overflow vulnerability in the apache_request_headers() (CVE-2012-2329). The PHP 5.3 series is not vulnerable to this issue.

http://www.php.net/archive/2012.php#id2012-05-08-1

mikeshinn · **Posted:** Tue May 08, 2012 6:25 pm

Quote:

PHP 5.4.3 fixes a buffer overflow vulnerability in the apache_request_headers() (CVE-2012-2329). The PHP 5.3 series is not vulnerable to this issue.

ASL systems running the ASL kernel are immune to this vulnerability.

Quote:

The releases complete a fix for a vulnerability in CGI-based setups (CVE-2012-2311). Note: mod_php and php-fpm are not vulnerable to this attack.

As previously noted, ASL systems and real time rules users are immune to this vulnerability.

breun · **Posted:** Thu May 10, 2012 5:33 am

PHP 5.3.13 is currently up in Atomic, but the latest php-eaccelerator is for 5.3.12, which causes yum to do strange suggestions like installing a bunch of 32-bit packages on a 64-bit system.

faris · **Joined:** Thu Dec 09, 2004 11:19 am **Posts:** 1846

Yum can be amazingly dumb sometimes, yet brilliantly "smart" at others.

Kalimari · **Posted:** Thu May 10, 2012 12:35 pm

breun wrote:

PHP 5.3.13 is currently up in Atomic, but the latest php-eaccelerator is for 5.3.12, which causes yum to do strange suggestions like installing a bunch of 32-bit packages on a 64-bit system.

Yeah, that's a pain!

breun · **Posted:** Thu May 10, 2012 12:58 pm

Well, I understand why yum is suggesting it, but it's definitely not what I want.

PHP 5.3.13 and 5.4.3 released

Who is online