store | blogs | forums | twitter | facebook | wiki | mailing lists | downloads | support portal
Atomic Secure Linux
It is currently Thu Jun 20, 2013 7:33 am

View unanswered posts | View active topics


Board index » Customer Support Forums » Security Alerts

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]



Post new topic Reply to topic Share/Bookmark  Page 1 of 1
  [ 3 posts ] 
  Print view Previous topic | First unread post | Next topic 
Author Message
Imaging
 Post subject: PHP 5.3.14 and 5.4.4
Unread postPosted: Thu Jun 14, 2012 10:16 am 
Offline
Forum User
Forum User

Joined: Sat Sep 25, 2010 2:46 pm
Posts: 97
FYI, PHP 5.3.14 and 5.4.4 are out with security fixes:

http://www.php.net/archive/2012.php#id2012-06-14-1

in regards to updates for the atomic repo php packages.

Thanks.
Top
 Profile  
 
mikeshinn
 Post subject: Re: PHP 5.3.14 and 5.4.4
Unread postPosted: Thu Jun 14, 2012 5:23 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
User avatar

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3265
Location: Chantilly, VA
Thanks for the alert. New PHP builds will be available shortly.

ASL systems (running the ASL kernel) are immune to the heap overflow vulnerability in PHP.

The DES crypt vulnerability in PHP, well I'll just say this: don't use DES, ever. If you want to use crypt() select one of the stronger algorithms provided by crypt. DES is the least strongest of all the other choices, so always pick a stronger algorithm. There are known weaknesses in older algorithms like DES.

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.

Top
 Profile  
 
Kalimari
 Post subject: Re: PHP 5.3.14 and 5.4.4
Unread postPosted: Fri Jun 15, 2012 11:07 am 
Offline
Forum Regular
Forum Regular

Joined: Wed Jan 02, 2008 3:21 pm
Posts: 515
Location: United Kingdom
When I run yum upgrade php, get the following:
Code:
Resolving Dependencies
--> Running transaction check
---> Package php.x86_64 0:5.3.13-5.el6.art will be updated
--> Processing Dependency: php = 5.3.13 for package: 1:php-eaccelerator-5.3.13_0.9.6.1-2.el6.art.x86_64
--> Processing Dependency: php(x86-64) = 5.3.13-5.el6.art for package: php-devel-5.3.13-5.el6.art.x86_64
---> Package php.x86_64 0:5.3.14-6.el6.art will be an update
--> Processing Dependency: php-cli(x86-64) = 5.3.14-6.el6.art for package: php-5.3.14-6.el6.art.x86_64
--> Processing Dependency: php-common(x86-64) = 5.3.14-6.el6.art for package: php-5.3.14-6.el6.art.x86_64
--> Running transaction check
---> Package php.i686 0:5.3.13-5.el6.art will be installed
--> Processing Dependency: php-cli(x86-32) = 5.3.13-5.el6.art for package: php-5.3.13-5.el6.art.i686
--> Processing Dependency: php-common(x86-32) = 5.3.13-5.el6.art for package: php-5.3.13-5.el6.art.i686
--> Processing Dependency: libm.so.6(GLIBC_2.1) for package: php-5.3.13-5.el6.art.i686
--> Processing Dependency: libc.so.6(GLIBC_2.4) for package: php-5.3.13-5.el6.art.i686
--> Processing Dependency: libgssapi_krb5.so.2 for package: php-5.3.13-5.el6.art.i686
--> Processing Dependency: libm.so.6(GLIBC_2.0) for package: php-5.3.13-5.el6.art.i686
--> Processing Dependency: libbz2.so.1 for package: php-5.3.13-5.el6.art.i686
--> Processing Dependency: libdl.so.2(GLIBC_2.1) for package: php-5.3.13-5.el6.art.i686
--> Processing Dependency: libc.so.6(GLIBC_2.1.3) for package: php-5.3.13-5.el6.art.i686
--> Processing Dependency: libnsl.so.1 for package: php-5.3.13-5.el6.art.i686
--> Processing Dependency: libxml2.so.2(LIBXML2_2.4.30) for package: php-5.3.13-5.el6.art.i686
--> Processing Dependency: libm.so.6 for package: php-5.3.13-5.el6.art.i686
--> Processing Dependency: libc.so.6(GLIBC_2.2) for package: php-5.3.13-5.el6.art.i686
--> Processing Dependency: libxml2.so.2(LIBXML2_2.6.11) for package: php-5.3.13-5.el6.art.i686
--> Processing Dependency: libgmp.so.3 for package: php-5.3.13-5.el6.art.i686
--> Processing Dependency: libc.so.6 for package: php-5.3.13-5.el6.art.i686
--> Processing Dependency: libncurses.so.5 for package: php-5.3.13-5.el6.art.i686
--> Processing Dependency: libz.so.1 for package: php-5.3.13-5.el6.art.i686
--> Processing Dependency: libc.so.6(GLIBC_2.1) for package: php-5.3.13-5.el6.art.i686
--> Processing Dependency: libpthread.so.0(GLIBC_2.0) for package: php-5.3.13-5.el6.art.i686
--> Processing Dependency: libdl.so.2 for package: php-5.3.13-5.el6.art.i686
--> Processing Dependency: libpthread.so.0 for package: php-5.3.13-5.el6.art.i686
--> Processing Dependency: libc.so.6(GLIBC_2.3) for package: php-5.3.13-5.el6.art.i686
--> Processing Dependency: libedit.so.0 for package: php-5.3.13-5.el6.art.i686
--> Processing Dependency: libcrypt.so.1 for package: php-5.3.13-5.el6.art.i686
--> Processing Dependency: libc.so.6(GLIBC_2.3.4) for package: php-5.3.13-5.el6.art.i686
--> Processing Dependency: libk5crypto.so.3 for package: php-5.3.13-5.el6.art.i686
--> Processing Dependency: libc.so.6(GLIBC_2.2.3) for package: php-5.3.13-5.el6.art.i686
--> Processing Dependency: libc.so.6(GLIBC_2.1.2) for package: php-5.3.13-5.el6.art.i686
--> Processing Dependency: libcom_err.so.2 for package: php-5.3.13-5.el6.art.i686
--> Processing Dependency: libc.so.6(GLIBC_2.0) for package: php-5.3.13-5.el6.art.i686
--> Processing Dependency: libxml2.so.2(LIBXML2_2.6.5) for package: php-5.3.13-5.el6.art.i686
--> Processing Dependency: librt.so.1 for package: php-5.3.13-5.el6.art.i686
--> Processing Dependency: libc.so.6(GLIBC_2.8) for package: php-5.3.13-5.el6.art.i686
--> Processing Dependency: libxml2.so.2 for package: php-5.3.13-5.el6.art.i686
--> Processing Dependency: libssl.so.10 for package: php-5.3.13-5.el6.art.i686
--> Processing Dependency: libpthread.so.0(GLIBC_2.2) for package: php-5.3.13-5.el6.art.i686
--> Processing Dependency: libc.so.6(GLIBC_2.11) for package: php-5.3.13-5.el6.art.i686
--> Processing Dependency: libxml2.so.2(LIBXML2_2.5.2) for package: php-5.3.13-5.el6.art.i686
--> Processing Dependency: libdl.so.2(GLIBC_2.0) for package: php-5.3.13-5.el6.art.i686
--> Processing Dependency: libc.so.6(GLIBC_2.7) for package: php-5.3.13-5.el6.art.i686
--> Processing Dependency: libkrb5.so.3 for package: php-5.3.13-5.el6.art.i686
--> Processing Dependency: libcrypto.so.10 for package: php-5.3.13-5.el6.art.i686
--> Processing Dependency: libxml2.so.2(LIBXML2_2.6.0) for package: php-5.3.13-5.el6.art.i686
---> Package php.x86_64 0:5.3.13-5.el6.art will be updated
---> Package php-cli.x86_64 0:5.3.13-5.el6.art will be updated
---> Package php-cli.x86_64 0:5.3.14-6.el6.art will be an update
---> Package php-common.x86_64 0:5.3.13-5.el6.art will be updated
--> Processing Dependency: php-common(x86-64) = 5.3.13-5.el6.art for package: php-imap-5.3.13-5.el6.art.x86_64
--> Processing Dependency: php-common(x86-64) = 5.3.13-5.el6.art for package: php-mbstring-5.3.13-5.el6.art.x86_64
--> Processing Dependency: php-common(x86-64) = 5.3.13-5.el6.art for package: php-mcrypt-5.3.13-5.el6.art.x86_64
--> Processing Dependency: php-common(x86-64) = 5.3.13-5.el6.art for package: php-xml-5.3.13-5.el6.art.x86_64
--> Processing Dependency: php-common(x86-64) = 5.3.13-5.el6.art for package: php-pdo-5.3.13-5.el6.art.x86_64
--> Processing Dependency: php-common(x86-64) = 5.3.13-5.el6.art for package: php-gd-5.3.13-5.el6.art.x86_64
---> Package php-common.x86_64 0:5.3.14-6.el6.art will be an update
---> Package php-devel.x86_64 0:5.3.13-5.el6.art will be updated
---> Package php-devel.x86_64 0:5.3.14-6.el6.art will be an update
--> Running transaction check
---> Package bzip2-libs.i686 0:1.0.5-7.el6_0 will be installed
---> Package glibc.i686 0:2.12-1.47.el6_2.12 will be installed
--> Processing Dependency: libfreebl3.so(NSSRAWHASH_3.12.3) for package: glibc-2.12-1.47.el6_2.12.i686
--> Processing Dependency: libfreebl3.so for package: glibc-2.12-1.47.el6_2.12.i686
---> Package gmp.i686 0:4.3.1-7.el6_2.2 will be installed
--> Processing Dependency: libstdc++.so.6(CXXABI_1.3) for package: gmp-4.3.1-7.el6_2.2.i686
--> Processing Dependency: libgcc_s.so.1 for package: gmp-4.3.1-7.el6_2.2.i686
--> Processing Dependency: libstdc++.so.6(GLIBCXX_3.4.11) for package: gmp-4.3.1-7.el6_2.2.i686
--> Processing Dependency: libstdc++.so.6 for package: gmp-4.3.1-7.el6_2.2.i686
--> Processing Dependency: libstdc++.so.6(GLIBCXX_3.4) for package: gmp-4.3.1-7.el6_2.2.i686
--> Processing Dependency: libgcc_s.so.1(GCC_3.0) for package: gmp-4.3.1-7.el6_2.2.i686
---> Package krb5-libs.i686 0:1.9-22.el6_2.1 will be installed
--> Processing Dependency: libkeyutils.so.1(KEYUTILS_0.3) for package: krb5-libs-1.9-22.el6_2.1.i686
--> Processing Dependency: libkeyutils.so.1 for package: krb5-libs-1.9-22.el6_2.1.i686
--> Processing Dependency: libselinux.so.1 for package: krb5-libs-1.9-22.el6_2.1.i686
---> Package libcom_err.i686 0:1.41.12-11.el6 will be installed
---> Package libedit.i686 0:3.0-2.20090923cvs.el6.art will be installed
---> Package libxml2.i686 0:2.7.6-4.el6_2.4 will be installed
---> Package ncurses-libs.i686 0:5.7-3.20090208.el6 will be installed
---> Package openssl.i686 0:1.0.0-20.el6_2.5 will be installed
---> Package php-cli.i686 0:5.3.13-5.el6.art will be installed
---> Package php-cli.x86_64 0:5.3.13-5.el6.art will be updated
---> Package php-common.i686 0:5.3.13-5.el6.art will be installed
--> Processing Dependency: libcurl.so.4 for package: php-common-5.3.13-5.el6.art.i686
---> Package php-common.x86_64 0:5.3.13-5.el6.art will be updated
---> Package php-gd.x86_64 0:5.3.13-5.el6.art will be updated
---> Package php-gd.x86_64 0:5.3.14-6.el6.art will be an update
---> Package php-imap.x86_64 0:5.3.13-5.el6.art will be updated
---> Package php-imap.x86_64 0:5.3.14-6.el6.art will be an update
---> Package php-mbstring.x86_64 0:5.3.13-5.el6.art will be updated
---> Package php-mbstring.x86_64 0:5.3.14-6.el6.art will be an update
---> Package php-mcrypt.x86_64 0:5.3.13-5.el6.art will be updated
---> Package php-mcrypt.x86_64 0:5.3.14-6.el6.art will be an update
---> Package php-pdo.x86_64 0:5.3.13-5.el6.art will be updated
--> Processing Dependency: php-pdo(x86-64) = 5.3.13-5.el6.art for package: php-mysql-5.3.13-5.el6.art.x86_64
---> Package php-pdo.x86_64 0:5.3.14-6.el6.art will be an update
---> Package php-xml.x86_64 0:5.3.13-5.el6.art will be updated
---> Package php-xml.x86_64 0:5.3.14-6.el6.art will be an update
---> Package zlib.i686 0:1.2.3-27.el6 will be installed
--> Running transaction check
---> Package keyutils-libs.i686 0:1.4-3.el6 will be installed
---> Package libcurl.i686 0:7.19.7-26.el6_2.4 will be installed
--> Processing Dependency: libnss3.so(NSS_3.10) for package: libcurl-7.19.7-26.el6_2.4.i686
--> Processing Dependency: libssl3.so(NSS_3.2) for package: libcurl-7.19.7-26.el6_2.4.i686
--> Processing Dependency: libnss3.so(NSS_3.12.5) for package: libcurl-7.19.7-26.el6_2.4.i686
--> Processing Dependency: libnspr4.so for package: libcurl-7.19.7-26.el6_2.4.i686
--> Processing Dependency: libnss3.so(NSS_3.2) for package: libcurl-7.19.7-26.el6_2.4.i686
--> Processing Dependency: libssl3.so(NSS_3.11.4) for package: libcurl-7.19.7-26.el6_2.4.i686
--> Processing Dependency: libnss3.so(NSS_3.3) for package: libcurl-7.19.7-26.el6_2.4.i686
--> Processing Dependency: libnssutil3.so for package: libcurl-7.19.7-26.el6_2.4.i686
--> Processing Dependency: libidn.so.11(LIBIDN_1.0) for package: libcurl-7.19.7-26.el6_2.4.i686
--> Processing Dependency: libnss3.so(NSS_3.9.2) for package: libcurl-7.19.7-26.el6_2.4.i686
--> Processing Dependency: libssh2.so.1 for package: libcurl-7.19.7-26.el6_2.4.i686
--> Processing Dependency: libnss3.so(NSS_3.9.3) for package: libcurl-7.19.7-26.el6_2.4.i686
--> Processing Dependency: libnss3.so(NSS_3.5) for package: libcurl-7.19.7-26.el6_2.4.i686
--> Processing Dependency: libssl3.so for package: libcurl-7.19.7-26.el6_2.4.i686
--> Processing Dependency: libnss3.so(NSS_3.12) for package: libcurl-7.19.7-26.el6_2.4.i686
--> Processing Dependency: libplds4.so for package: libcurl-7.19.7-26.el6_2.4.i686
--> Processing Dependency: libsmime3.so for package: libcurl-7.19.7-26.el6_2.4.i686
--> Processing Dependency: libidn.so.11 for package: libcurl-7.19.7-26.el6_2.4.i686
--> Processing Dependency: libssl3.so(NSS_3.4) for package: libcurl-7.19.7-26.el6_2.4.i686
--> Processing Dependency: libnss3.so(NSS_3.4) for package: libcurl-7.19.7-26.el6_2.4.i686
--> Processing Dependency: libplc4.so for package: libcurl-7.19.7-26.el6_2.4.i686
--> Processing Dependency: libldap-2.4.so.2 for package: libcurl-7.19.7-26.el6_2.4.i686
--> Processing Dependency: libnss3.so for package: libcurl-7.19.7-26.el6_2.4.i686
---> Package libgcc.i686 0:4.4.6-3.el6 will be installed
---> Package libselinux.i686 0:2.0.94-5.2.el6 will be installed
---> Package libstdc++.i686 0:4.4.6-3.el6 will be installed
---> Package nss-softokn-freebl.i686 0:3.12.9-11.el6 will be installed
---> Package php-mysql.x86_64 0:5.3.13-5.el6.art will be updated
---> Package php-mysql.x86_64 0:5.3.14-6.el6.art will be an update
--> Running transaction check
---> Package libidn.i686 0:1.18-2.el6 will be installed
---> Package libssh2.i686 0:1.2.2-7.el6_2.3 will be installed
---> Package nspr.i686 0:4.8.9-3.el6_2 will be installed
---> Package nss.i686 0:3.13.1-7.el6_2 will be installed
--> Processing Dependency: nss-softokn(x86-32) >= 3.12.9 for package: nss-3.13.1-7.el6_2.i686
--> Processing Dependency: libsoftokn3.so for package: nss-3.13.1-7.el6_2.i686
---> Package nss-util.i686 0:3.13.1-3.el6_2 will be installed
---> Package openldap.i686 0:2.4.23-20.el6 will be installed
--> Processing Dependency: libsasl2.so.2 for package: openldap-2.4.23-20.el6.i686
--> Running transaction check
---> Package cyrus-sasl-lib.i686 0:2.1.23-13.el6 will be installed
--> Processing Dependency: libdb-4.7.so for package: cyrus-sasl-lib-2.1.23-13.el6.i686
---> Package nss-softokn.i686 0:3.12.9-11.el6 will be installed
--> Processing Dependency: libsqlite3.so.0 for package: nss-softokn-3.12.9-11.el6.i686
--> Running transaction check
---> Package db4.i686 0:4.7.25-16.el6 will be installed
---> Package sqlite.i686 0:3.7.9-1.el6.art will be installed
--> Processing Dependency: libreadline.so.6 for package: sqlite-3.7.9-1.el6.art.i686
--> Running transaction check
---> Package readline.i686 0:6.0-3.el6 will be installed
--> Finished Dependency Resolution
Error: Protected multilib versions: php-common-5.3.13-5.el6.art.i686 != php-common-5.3.14-6.el6.art.x86_64
Error: Protected multilib versions: php-5.3.13-5.el6.art.i686 != php-5.3.14-6.el6.art.x86_64
Error: Protected multilib versions: php-cli-5.3.14-6.el6.art.x86_64 != php-cli-5.3.13-5.el6.art.i686
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest


All solutions I have read suggest removing the conflicting "existing" i686 packages, but there are no *.i686 packages installed, they are trying to load them as part of the upgrade. Have run yum clean all and re-run. Ran the update on another CentOS 6 server without any issues. Any have any ideas?

Thanks!
Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic Share/Bookmark  Page 1 of 1
  [ 3 posts ] 

Board index » Customer Support Forums » Security Alerts

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]

Who is online

Users browsing this forum: No registered users and 2 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group