|
|
From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: [slackware-security] mod_php update fixes security problems
Date: Sat, 2 Mar 2002 23:11:00 -0800 (PST) |
|
A new mod_php (PHP4) package is available to fix security problems.
Here's the information from the Slackware 8.0 ChangeLog:
----------------------------
Sat Mar 2 22:45:25 PST 2002
patches/packages/mod_php.tgz: Upgraded to PHP 4.1.2.
This fixes several security problems in the POST handling code used for
uploading files through forms. All sites using PHP are urged to upgrade as
soon as possible.
A workaround for securing systems running PHP 4.0.3 or above (which includes
Slackware 8.0) is to add this directive to the php.ini:
file_uploads = Off
(* Security fix *)
----------------------------
WHERE TO FIND THE NEW PACKAGE:
------------------------------
Updated mod_php package for Slackware 8.0:
ftp://ftp.slackware.com/pub/slackware/slackware-8.0/patches/packages/mod_php.tgz
MD5 SIGNATURE:
--------------
Here is the md5sum for the package:
Slackware 8.0:
8f6a18ac672f51e0cfed418af2c9f582 mod_php.tgz
INSTALLATION INSTRUCTIONS:
--------------------------
First, stop apache:
# apachectl stop
Next, upgrade to the new mod_php.tgz package:
# upgradepkg mod_php.tgz
Finally, restart apache:
# apachectl start
Remember, it's also a good idea to backup configuration files before
upgrading packages.
- Slackware Linux Security Team
http://www.slackware.com
+------------------------------------------------------------------------+
| HOW TO REMOVE YOURSELF FROM THIS MAILING LIST: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back. Follow the instructions to |
| complete the unsubscription. Do not reply to this message to |
| unsubscribe! |
+------------------------------------------------------------------------+
|
| |