port php5 - what I am supposed to do here?
Alain Wolf
wolf at k18.ch
Thu Oct 5 20:40:19 PDT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello List,
Portuadit telles my about the "open_basedir Race Condition
Vulnerability", OK.
By reading the advisory on
http://www.hardened-php.net/advisory_082006.132.html I can safely say
this does not apply to our environment, we don't use open_basedir or
safe_mode and Suhosin is planned anyway (after test).
With a "portsnap fetch update" I get a new version php5-5.1.6_1 in my
portstree, OK.
But "portmanager -u" or even manually with "make install clean"
everything fails with the following message:
===> php5-5.1.6_1 has known vulnerabilities:
=> php -- open_basedir Race Condition Vulnerability.
Reference:
<http://www.FreeBSD.org/ports/portaudit/edabe438-542f-11db-a5ae-00508d6a62df.html>
=> Please update your ports tree and try again.
*** Error code 1
So what to do now?
There are quite a lot if dependencies which i can't update too now.
Also installing/enabling Suhosin seems not possible anymore now.
Any suggestions are welcome.
Greetings fomr Switzerland
Alain Wolf
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFJcsDV5MZZmyxvGgRAn4oAKDBqaGjcOflahgH4XRp6WCg0T6qLQCg3uni
vk77USw9+yElWvFCJBcDHxs=
=4wj4
-----END PGP SIGNATURE-----
More information about the freebsd-questions
mailing list