Date: Sun, 15 Oct 2006 13:03:59 -0500
From: Paul Schmehl <pauls@utdallas.edu>
To: freebsd-questions@freebsd.org
Subject: Re: PHP new vulnarabilities
Message-ID: <881EC4C4A4CF64A80537FA61@paul-schmehls-powerbook59.local>
In-Reply-To: <200610151239.12127.freebsd@dfwlp.com>
References: <45322A1D.8070204@hadara.ps> <20061015151215.15a4062e@loki.starkstrom.lan> <200610151239.12127.freebsd@dfwlp.com>

--On October 15, 2006 12:39:11 PM -0500 Jonathan Horne <freebsd@dfwlp.com> wrote:

>
> ive been scratching my head on this one for a few days too. i have a
> box at home, that is running 6.2-PRERELEASE. when i try to install the
> lang/php5 port, i get:
>
> [root@athena /usr/ports/lang/php5]# make install clean
> ===> php5-5.1.6_1 has known vulnerabilities:
> => php -- open_basedir Race Condition Vulnerability.
> Reference:
> <http://www.FreeBSD.org/ports/portaudit/edabe438-542f-11db-a5ae-00508d6a62df.html>
> => Please update your ports tree and try again.
> *** Error code 1
>
> Stop in /usr/ports/lang/php5.
>
> however, my server is running the same port, with no issue whatsoever.
>

That's because you installed the port on the server *before* the vulnerability was found.

> [root@zeus /etc/mail]# pkg_info | grep php5
> php5-5.1.6_1
> (and many extensions too)
>
> perplexing that one box could have it, while another one (using the same
> updated ports tree), refuses it. could be related to the code branch im
> following on my workstation versus my server?
>

No. It's related to the timing of when a security vulnerability was discovered.

Paul Schmehl (pauls@utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/