PHP 5.3.5 and 5.2.17 Released!

smtalk

From php.net:
The PHP development team would like to announce the immediate availability of PHP 5.3.5 and 5.2.17.

This release resolves a critical issue, reported as PHP bug #53632 and CVE-2010-4645, where conversions from string to double might cause the PHP interpreter to hang on systems using x87 FPU registers.

The problem is known to only affect x86 32-bit PHP processes, regardless of whether the system hosting PHP is 32-bit or 64-bit. You can test whether your system is affected by running this script (http://php.net/distributions/test_bug53632.txt) from the command line.

All users of PHP are strongly advised to update to these versions immediately.
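
Added example (not part of the thread or of php.net's announcement): a shell helper that classifies a PHP build against the fixed versions named above (5.2.17 and 5.3.5) and the 32-bit-only scope. The function names and status strings are made up for this example; it assumes `PHP_INT_SIZE` is 4 on 32-bit builds and 8 on 64-bit Linux builds, and that branches newer than 5.3 already contain the fix.

```shell
#!/bin/sh
# Triage helper for PHP bug #53632 / CVE-2010-4645 (added example).
# Real use (needs php on PATH):
#   php_bug53632_status "$(php_version_from_banner "$(php -v)")" \
#                       "$(php -r 'echo PHP_INT_SIZE;')"

# Extract "X.Y.Z" from the first line of `php -v` output.
php_version_from_banner() {
    printf '%s\n' "$1" |
        sed -n '1s/^PHP \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Usage: php_bug53632_status VERSION INT_SIZE
# Prints: patched | needs-update | unaffected-64bit | unknown
php_bug53632_status() {
    ver=$1
    int_size=$2
    case $ver in
        *.*.*) ;;
        *) echo unknown; return 0 ;;
    esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    patch=${patch%%[!0-9]*}   # drop packaging suffixes such as "-1"
    for part in "$major" "$minor" "$patch"; do
        case $part in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    done
    if [ "$major" -gt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -gt 3 ]; }; then
        echo patched            # assumption: later branches include the fix
    elif [ "$major" -eq 5 ] && [ "$minor" -eq 3 ] && [ "$patch" -ge 5 ]; then
        echo patched
    elif [ "$major" -eq 5 ] && [ "$minor" -eq 2 ] && [ "$patch" -ge 17 ]; then
        echo patched
    elif [ "$major" -lt 5 ] || [ "$minor" -lt 2 ]; then
        echo unknown            # announcement names no fixed release here
    elif [ "$int_size" = 4 ]; then
        echo needs-update       # 32-bit PHP process on an unfixed version
    elif [ "$int_size" = 8 ]; then
        echo unaffected-64bit   # outside the stated scope of the bug
    else
        echo unknown
    fi
}
```

A `needs-update` result is a conservative flag, since a 32-bit build is treated as affected without checking how it does floating-point math; the php.net test script remains the direct check.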
 
What do you mean when does? You have to do it yourself. It's not a robot that knows when things need to be updated.

cd /usr/local/directadmin/custombuild
./build update
./build clean
./build update_versions
 
I suppose Suurbier meant that custombuild suggests 5.2.16 as the latest version:

Code:
Latest version of PHP5 (CGI): 5.2.16
Installed version of PHP5 (CGI): 5.2.16
 
The problem is known to only affect x86 32-bit PHP processes, regardless of whether the system hosting PHP is 32-bit or 64-bit. You can test whether your system is affected by running this script (http://php.net/distributions/test_bug53632.txt) from the command line.

When I upload the test file and run it in my webbrowser, I get this message: «Please run this test from CLI!»

What command should I use to run it from Putty?
 
Thank you, Peter! It seems my server is not affected as I get this message at the bottom: «Your system seems to be safe.»
 
Not so serious for 64-bit users; every server I ran the test script on said it's safe.
 
configure: error: mysql configure failed. PHP update

I get this error when I want to update PHP:

checking for MySQL UNIX socket location... no
checking for mysql_close in -lmysqlclient... no
checking for mysql_error in -lmysqlclient... no
configure: error: mysql configure failed. Please check config.log for more information.

I do this:
cd /usr/local/directadmin/custombuild
./build update
./build clean
./build update_versions

php -v
PHP 5.2.12 (cli) (built: Feb 12 2010 22:49:38)
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies
with the ionCube PHP Loader v3.1.32, Copyright (c) 2002-2007, by ionCube Ltd.

Tried installing:
yum install mysql-devel (is already installed)
and
./build all (same error)

mysqld Ver 5.0.37-standard-log
 
I get an error when updating PHP 5.3 with custombuild 1.2:

Code:
Wrong php5_ver value set in /usr/local/directadmin/custombuild/options.conf

Here is my config:

Code:
#PHP settings. default_php possible values - 4 or 5, php5_ver - 5.2 or 5.3
default_php=5
php5_ver=5.3
php4_cli=no
php4_cgi=no
php5_cli=yes
php5_cgi=no
zend=no

I think the problem is that the PHP 5.3 check in the latest build script (1.2.15) is gone.
 
Try updating the CustomBuild script and please let me know if you still have the problem. Thank you :)
 
There is no suhosin patch for 5.2.17 yet. I upgraded to 5.2.17 and now must downgrade back to 5.2.16 for suhosin patch.

I was wondering what's better: a little bit older but patched, or newer with the critical issue resolved but unpatched :)
 
I do find it ironic that suhosin, the champions of security, are so slow with updates; they then leave people with a choice of either staying out of date on PHP for weeks/months or upgrading with no suhosin.

I would suggest that if the newer PHP fixes a security-related flaw, then upgrade to it and live without suhosin in the interim; it may also be possible to have the older patch work with the newer PHP.

The issue 5.2.17 fixes doesn't affect 64-bit servers.
 