On Monday 22 July 2002 10:29 am, Post, Mark K wrote: > This was forwarded to me by a coworker today. If you have systems running > PHP in a hostile environment, you should upgrade. > -----Original Message----- > Security hole in PHP 4.2.0/4.2.1, enabling a remote attacker to execute > arbitrary code on your webserver with the privileges of the web server > daemon. > Fix available in new version 4.2.2.
Incidentally, I contacted SuSE and learned that their RPMs only go to 4.1.x, including the RPMs for S/390 Linux. SuSE's engineer indicated that their RPM version of PHP is not affected by this bug, as far as is known currently. Still, Mark's advice is probably worth heeding. It's generally a good idea to keep up with security patches, after all. :-) If you built your PHP from source, you should definitely upgrade if you are currently running the affected version 4.2.0 or 4.2.1. Scott -- -----------------------+------------------------------------------------------ Scott Courtney | "I don't mind Microsoft making money. I mind them [EMAIL PROTECTED] | having a bad operating system." -- Linus Torvalds http://4th.com/ | ("The Rebel Code," NY Times, 21 February 1999) | PGP Public Key at http://4th.com/keys/courtney.pubkey
