Topic: php-4.0.5-2.arvin on essg 4.1.2 - how do i fix the security

[Scared Simon]

hi,

i followed one of Dan Brown's HOWTOs ages ago to upgrade PHP.
i now have the following rpms installed:

php-imap-4.0.5-2.arvin
php-mysql-4.0.5-2.arvin
e-smith-php-1.2.0-04
mod_php-4.0.5-2.arvin
php-4.0.5-2.arvin
php-ldap-4.0.5-2.arvin
php-gd-4.0.5-2.arvin

obviously my server is vulnerable to the php exploits.
my server is 4.1.2.
i can't upgrade to SME5 as I need things such as squid proxy authentication which as far as i know doesn't have a how-to for SME5 so I am stuck with 4.1.2
need to use php for website and webmail.
how can i make my server safe?
desperately in need of any help!

[Dan Brown]

Try upgrading to the latest RPMs at rpms.arvin.dk for RH 6.2.  He says they have the security fix applied.

[Scared Simon]

Thanks Dan.  I will.
Just one more question:  if installing the latest ones messes up the server, how can I 'undo' the damage?
Can I just remove those rpms and reinstall the original ones?

[Dan Brown]

You should be able to, but I can't guarantee that, as I haven't done anything with those versions of his RPMs.

[Jim Warrat]

I can't get my PHP updated... anyone have instructions for 4.1.2?

[Jim Warrat]

I used Dan Brown's update.  And I'm sure it worked.