[CentOS] New 4.4 install PHP security concern
euckew at sierraelectronics.com
Wed Sep 20 16:47:14 UTC 2006
Hello everyone. I am an FC2 refugee that's been lurking for a while. I
am finishing up a Centos 4.4 build and am going through looking at
security issues. In running a nessus scan I am finding it complaining
about the versions for php, php-ldap, php-mbstring and php-pear. The
complaint indicates that a much newer version of this exists and
specifically names php-5.0.4-4.centos4 (by way of example). In
researching this I am finding that this is not deemed to be part of the
upgrade path for the default version in 4.4. I am also finding numerous
issues with this "recommended" version breaking things right and left.
I've searched the forums and the web so I decided to post here.
Has anyone replaced the stock php (and related items) build and been
perfectly happy with the results? Any reason why this "newer" version
of php is not part of the natural upgrade path? Any writeups by anyone
that has walked this path already?
Thanks in advance!
More information about the CentOS