On Thursday, 09 February 2012 at 15:01 -0600, Johnny Hughes wrote:
On 02/09/2012 04:16 AM, John R. Dennison wrote:
On Thu, Feb 09, 2012 at 12:07:34PM +0200, Peter Peltonen wrote:
Hi,
There is a PHP 5.2 RPM for CentOS5 in the testing repo:
This should be avoided at all costs. Those packages have not been updated for ever and as a result have multiple known critical vulnerabilities. Additionally, as has been pointed out repeatedly, these packages must be removed; the project is effectively pushing known vulnerable packages.
Use the IUS repository and the php-5.2.17 packages they supply. IUS is known and vetted and they have a commercial stake in the stability and integrity of the packages in that repo as they are what RackSpace makes available to their own paying customers.
Please see http://wiki.centos.org/AdditionalResources/Repositories for more information and a link to the IUS repo.
For the record, those 5.2.10 php files are the latest released from here:
ftp://ftp.redhat.com/redhat/linux/enterprise/5Server/en/RHWAS/SRPMS/
Those are from the Red Hat Web Application Stack for EL5. It gets errata here:
https://rhn.redhat.com/errata/rhel-appstk-5-errata.html
As to whether or not you should use them, that is ... of course ... up to you. It is the latest released, by upstream.
I build PHP RPMs and other sources in the style of CentOS php53 with the IUS package: http://ns.fakessh.eu/rpms