← Back to team overview

ius-coredev team mailing list archive

Re: [Question #196561]: upgrade PHP from 5.3.10 to 5.4

 

Question #196561 on IUS Community Project changed:
https://answers.launchpad.net/ius/+question/196561

    Status: Open => Answered

Jeffrey Ness proposed the following answer:
Hello Christopher,

Thank you for taking the time to post this question on the IUS answer
board.

I believe you are referring to the CVE vulnerability listed below:

   http://www.php.net/archive/2012.php#id2012-05-03-1
   http://www.php.net/archive/2012.php#id2012-05-06-1
   http://www.php.net/archive/2012.php#id2012-05-08-1

As mentioned on these PHP archives "mod_php and php-fpm are not vulnerable to this attack.",
so if you are using these methods you will be safe.

IUS does have php53u-5.3.13 packages available in testing (pushed last
night):

http://dl.iuscommunity.org/pub/ius/testing/Redhat/5/x86_64/repoview/php53u.html

If you are not using one of the methods above, and are at risk I would
suggest using these testing packages.

As for moving to php54, these packages are also at risk (the latest
packages are also in testing).

Hopefully this helps you out, if not let me know.

Jeffrey-

-- 
You received this question notification because you are a member of IUS
Core Development, which is an answer contact for IUS Community Project.