Warning: PHP Update from 5.2.10 to 5.2.11 and FastCGI
nightrecon at hotmail.com
Sat Sep 26 17:34:06 UTC 2009
Today I did a portupgrade of PHP from 5.2.10 to 5.2.11.

This broke both lighttpd and Apache web servers, on which I run PHP as
FastCGI. I do not know if this affects those who use mod_php, as I do not use
it. I use mod_fcgid instead.

Execute php -v at a prompt and it will spew the following and segfault:

testbed suhosin: ALERT - canary mismatch on efree() - heap overflow
detected (attacker 'REMOTE_ADDR not set', file 'unknown')

If you are using FastCGI, the workaround is to do make config in lang/php5
and deselect the Suhosin option. There is something very broken in the
Suhosin patch as far as CLI and FastCGI are concerned.