Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: Scared Simon on March 10, 2002, 08:46:09 PM

Title: php-4.0.5-2.arvin on essg 4.1.2 - how do i fix the security
Post by: Scared Simon on March 10, 2002, 08:46:09 PM

hi,

i followed one of Dan Brown's HOWTOs ages ago to upgrade PHP.
i now have the following rpms installed:

php-imap-4.0.5-2.arvin
php-mysql-4.0.5-2.arvin
e-smith-php-1.2.0-04
mod_php-4.0.5-2.arvin
php-4.0.5-2.arvin
php-ldap-4.0.5-2.arvin
php-gd-4.0.5-2.arvin

obviously my server is vulnerable to the php exploits.
my server is 4.1.2.
i can't upgrade to SME5 as I need things such as squid proxy authentication which as far as i know doesn't have a how-to for SME5 so I am stuck with 4.1.2
need to use php for website and webmail.
how can i make my server safe?
desperately in need of any help!

Title: Re: php-4.0.5-2.arvin on essg 4.1.2 - how do i fix the secu
Post by: Dan Brown on March 10, 2002, 08:59:02 PM

Try upgrading to the latest RPMs at rpms.arvin.dk for RH 6.2.  He says they have the security fix applied.

Title: Re: php-4.0.5-2.arvin on essg 4.1.2 - how do i fix the secu
Post by: Scared Simon on March 10, 2002, 09:45:35 PM

Thanks Dan.  I will.
Just one more question:  if installing the latest ones messes up the server, how can I 'undo' the damage?
Can I just remove those rpms and reinstall the original ones?

Title: Re: php-4.0.5-2.arvin on essg 4.1.2 - how do i fix the secu
Post by: Dan Brown on March 10, 2002, 10:38:43 PM

You should be able to, but I can't guarantee that, as I haven't done anything with those versions of his RPMs.

Title: Re: php-4.0.5-2.arvin on essg 4.1.2 - how do i fix the secu
Post by: Jim Warrat on March 11, 2002, 09:05:50 PM

I can't get my PHP updated... anyone have instructions for 4.1.2?

Title: Re: php-4.0.5-2.arvin on essg 4.1.2 - how do i fix the secu
Post by: Jim Warrat on March 11, 2002, 10:23:55 PM

I used Dan Brown's update.  And I'm sure it worked.