|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 +------------------------------------------------------------------------+ | EnGarde Secure Linux Bug Fix Advisory May 15, 2002 | | http://www.engardelinux.org/ EBA-20020515-011 | | | | Packages: php, mod_php | | Summary: Fix defaults in php.ini | +------------------------------------------------------------------------+ EnGarde Secure Linux is a secure distribution of Linux that features improved access control, host and network intrusion detection, Web based secure remote management, complete e-commerce using AllCommerce, and integrated open source security tools. OVERVIEW - -------- Our last update changed some defaults in /etc/php.ini. This update brings some of those defaults back to what they were before the update. DETAIL - ------ Some defaults in /etc/php.ini changed in our last PHP update (ESA-20020301-006). In particular file_uploads and register_globals were disabled. This update changes these defaults back to what they were before the update. SOLUTION - -------- Users of the EnGarde Professional edition can use the Guardian Digital Secure Network to update their systems automatically. EnGarde Community users should upgrade to the most recent version as outlined in this advisory. Updates may be obtained from: ftp://ftp.engardelinux.org/pub/engarde/stable/updates/ http://ftp.engardelinux.org/pub/engarde/stable/updates/ Before upgrading the package, the machine must either: a) be booted into a "standard" kernel; or b) have LIDS disabled. To disable LIDS, execute the command: # /sbin/lidsadm -S -- -LIDS_GLOBAL To install the updated package, execute the command: # rpm -Uvh [files] You must now update the LIDS configuration by executing the command: # /usr/sbin/config_lids.pl To re-enable LIDS (if it was disabled), execute the command: # /sbin/lidsadm -S -- +LIDS_GLOBAL To verify the signatures of the updated packages, execute the command: # rpm -Kv [files] UPDATED PACKAGES - ---------------- These updated packages are for EnGarde Secure Linux Community Edition. Source Packages: SRPMS/php-4.0.6-1.0.19.src.rpm MD5 Sum: 9a864eb3e5faaab172ce2cd4e041bd54 Binary Packages: i386/mod_php-4.0.6-1.0.19.i386.rpm MD5 Sum: f93a1d3bbd5c2d2b4d2e44e360d81909 i386/php-4.0.6-1.0.19.i386.rpm MD5 Sum: f9727a78f7f6951ded75f16767023ab5 i686/mod_php-4.0.6-1.0.19.i686.rpm MD5 Sum: e8cbd17324801abf8e690d52281de8df i686/php-4.0.6-1.0.19.i686.rpm MD5 Sum: efa4216de497ac373927ddf8eccae2fb REFERENCES - ---------- Guardian Digital's public key: http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY PHP's Official Web Site: http://www.php.net/ Security Contact: security@guardiandigital.com EnGarde Advisories: http://www.engardelinux.org/advisories.html - -------------------------------------------------------------------------- $Id: EBA-20020515-011-php,v 1.1 2002/05/15 18:55:04 rwm Exp $ - -------------------------------------------------------------------------- Author: Ryan W. Maple <ryan@guardiandigital.com> Copyright 2002, Guardian Digital, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE84q9IHD5cqd57fu0RArtfAJ9ZNbcxcqITaO3NzgJCTMAhX+0HDgCff6Lo L5v75b2byf56Wa8i4cKrt/M= =YukZ -----END PGP SIGNATURE-----