[CentOS] New 4.4 install PHP security concern

Eucke euckew at sierraelectronics.com
Wed Sep 20 16:47:14 UTC 2006


Hello everyone.  I am an FC2 refugee that's been lurking for a while.  I 
am finishing up a Centos 4.4 build and am going through looking at 
security issues.  In running a nessus scan I am finding it complaining 
about the versions for php, php-ldap, php-mbstring and php-pear.  The 
complaint indicates that a much newer version of this exists and 
specifically names php-5.0.4-4.centos4 (by way of example).  In 
researching this I am finding that this is not deemed to be part of the 
upgrade path for the default version in 4.4.  I am also finding numerous 
issues with this "recommended" version breaking things right and left.  
I've searched the forums and the web so I decided to post here.

Has anyone replaced the stock php (and related items) build and been 
perfectly happy with the results?  Any reason why this "newer" version 
of php is not part of the natural upgrade path?  Any writeups by anyone 
that has walked this path already?

Thanks in advance!

-- 
Eucke




More information about the CentOS mailing list