[CentOS] php 5.1.6 vulnerability in CentosPlus repo
Alain Péan
alain.pean at lpp.polytechnique.frSun Jul 3 12:29:12 UTC 2011
- Previous message: [CentOS] php 5.1.6 vulnerability in CentosPlus repo
- Next message: [CentOS] php 5.1.6 vulnerability in CentosPlus repo
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Le 03/07/2011 10:28, Spike Turner a écrit : > --- On Sat, 2/7/11, John R. Dennison<jrd at gerdesas.com> wrote: > >> That's not been supported in, literally, ages. You >> may want to consider >> a "yum update" once in a while. >> >> And yes, that specific version has multiple known and >> exploitable >> security issues. >> >> John > I'm running it on an internal box not accessible from the internet. I do run a yum update and that seems to be the latest CentOS Plus version. > > http://mirror.centos.org/centos/4/centosplus/i386/RPMS/ > > You can see that the kernels are updated but the php is not, so I don't see why you said I should consider "running a yum update once in a while". > Hi Spike, I agree. Here is what I have on a CentOS 5.6 machine : ]# yum info php .... Available Packages Name : php Arch : x86_64 Version : 5.1.6 Release : 27.el5_5.3 Size : 2.3 M Repo : base So 5.1.6 is the current package on CentOS, at least in base repo, I don't know for CentOSPlus, and your question is totally valid. I am not using PHP, so I am not aware of the last vulnerabilities, but you should know that RedHat backports security fixes, and features, from further releases, so the version number is not that informative. See for example this rather old thread (2010) : http://forums.whirlpool.net.au/archive/1424743 Hopes that helps... Alain
- Previous message: [CentOS] php 5.1.6 vulnerability in CentosPlus repo
- Next message: [CentOS] php 5.1.6 vulnerability in CentosPlus repo
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list