Date: Sat, 26 Sep 2009 13:34:25 -0400 From: Michael Powell <nightrecon@hotmail.com> To: freebsd-questions@freebsd.org Subject: Warning: PHP Update from 5.2.10 to 5.2.11 and FastCGI Message-ID: <h9lj9l$6si$1@ger.gmane.org>
next in thread | raw e-mail | index | archive | help
Today I did a portupgrade of PHP from 5.2.10 to 5.2.11. This broke both lighttpd and Apache web servers, on which I run PHP as FastCGI. I do not know if this affects those who use mod_php as I do not use it. I use mod_fcgid instead. Execute php -v at a prompt and it will spew the following and segfault. testbed suhosin[48982]: ALERT - canary mismatch on efree() - heap overflow detected (attacker 'REMOTE_ADDR not set', file 'unknown') If you are using FastCGI the workaround is to do make config in lang/php5 and deselect the Suhosin option. There is something very broken in the Suhosin patch as far as CLI and FastCGI is concerned. -Mike
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?h9lj9l$6si$1>