php4 update fails
Armin Pirkovitsch
a.pirko at inode.at
Tue Oct 10 11:05:02 PDT 2006
Matt Craig wrote:
> [...]
> ===> Cleaning for php4-4.4.4
> ===> php4-4.4.4 has known vulnerabilities:
> => php -- open_basedir Race Condition Vulnerability.
> Reference:
> <http://www.FreeBSD.org/ports/portaudit/edabe438-542f-11db-a5ae-00508d6a62df.html>
>
> => Please update your ports tree and try again.
> *** Error code 1
> I also tried portupgrade Nfp, removing the package with pkg_delete php4
> and adding it back again with pkg_add -r php4, and I get the same
> thing. Doing a make install yields the same results as well. I also
> get the same thing after updating the ports tree with cvsup.
>
> Is it possible that php4 will not update because of the open_basedir
> Race Condition Vulnerability? If so it fails to mention that.
Just follow the url stated in the error - if you look more closely all
listed php ports are concerned and each port with a >=0 means that there
is no patch yet - which means that any attempt to install it will fail.
The only way to override a vulnaritbility is to set
DISABLE_VULNERABILITIES - however this shouldn't be used careless.
--
Armin Pirkovitsch
a.pirko at inode.at
More information about the freebsd-ports
mailing list