Re: CERT Advisory CA-2002-05 Multiple Vulnerabilities in PHP fileupload
On Thu, Feb 28, 2002 at 08:37:45AM -0000, Jeff wrote:
> I received this CERT Advisory about 6 hours ago, regarding PHP.
> The PHP website confirms the details: www.php.net
> I think this is going to be a problem for us, due to the way
> the Debian packaging works -
> I guess that the immediate solution in this case is for us to
> try to get the unstable Apache 1.3.23 package + an updated
> PHP4 4.2.1 package + MySQL, SSL etc to work. mmmm - ain't
> going to be quick to test this and roll it out into production,
> and in the meantime, we have production servers running
> a PHP4 that has a now widely known security issue. Oh - and
> yes, we could go out of business and not accept data, but
> methinks my tenure would be somewhat shortened if I propose
> that at our emergency security meeting in an hour's time!
> Help?
Grab the php4.05 source package, patch and rebuild the package, then
distribute.
--
Share and Enjoy.