Hi Guys,

I'm looking at php php-5.1.6-3.el4s1.10.i386.rpm in the CentOS plus repo dated from 31st July 2008. Is it vulnerable from the exploits in php 5.1.x and 5.2?

Thanks,
Spike.
John R. Dennison
2011-Jul-02 20:57 UTC
[CentOS] php 5.1.6 vulnerability in CentosPlus repo
On Sat, Jul 02, 2011 at 08:51:33PM +0100, Spike Turner wrote:
> Hi Guys,
>
> I'm looking at php php-5.1.6-3.el4s1.10.i386.rpm in the CentOS plus
> repo dated from 31st July 2008. Is it vulnerable from the exploits in
> php 5.1.x and 5.2?

That's not been supported in, literally, ages. You may want to consider a "yum update" once in a while.

And yes, that specific version has multiple known and exploitable security issues.

John
--
<DiscordianUK> deselect was written by someone who OD'ed on vi
--- On Sat, 2/7/11, John R. Dennison <jrd at gerdesas.com> wrote:
> That's not been supported in, literally, ages. You
> may want to consider
> a "yum update" once in a while.
>
> And yes, that specific version has multiple known and
> exploitable
> security issues.
>
> John

I'm running it on an internal box not accessible from the internet. I do run a yum update and that seems to be the latest CentOS Plus version.

http://mirror.centos.org/centos/4/centosplus/i386/RPMS/

You can see that the kernels are updated but the php is not, so I don't see why you said I should consider "running a yum update once in a while".

Regards,
Spike.