Warning: PHP Update from 5.2.10 to 5.2.11 and FastCGI

Michael Powell nightrecon at hotmail.com
Sat Sep 26 17:34:06 UTC 2009

Today I did a portupgrade of PHP from 5.2.10 to 5.2.11. 

This broke both lighttpd and Apache web servers, on which I run PHP as 
FastCGI. I do not know if this affects those who use mod_php as I do not use 
it. I use mod_fcgid instead.

Execute php -v at a prompt and it will spew the following and segfault.

testbed suhosin[48982]: ALERT - canary mismatch on efree() - heap overflow 
detected (attacker 'REMOTE_ADDR not set', file 'unknown') 

If you are using FastCGI the workaround is to do make config in lang/php5 
and deselect the Suhosin option. There is something very broken in the 
Suhosin patch as far as CLI and FastCGI is concerned.


More information about the freebsd-questions mailing list