TUCoPS :: Linux :: Apps N-Z :: esa2-011.txt

php, mod_php - Fix defaults in php.ini - ESA-20020515-011 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

+------------------------------------------------------------------------+
| EnGarde Secure Linux Bug Fix Advisory May 15, 2002 |
| http://www.engardelinux.org/ EBA-20020515-011 |
| |
| Packages: php, mod_php |
| Summary: Fix defaults in php.ini |
+------------------------------------------------------------------------+

  EnGarde Secure Linux is a secure distribution of Linux that features
  improved access control, host and network intrusion detection, Web
  based secure remote management, complete e-commerce using AllCommerce,
  and integrated open source security tools.

OVERVIEW
- --------
  Our last update changed some defaults in /etc/php.ini. This update
  brings some of those defaults back to what they were before the update.

DETAIL
- ------
  Some defaults in /etc/php.ini changed in our last PHP update
  (ESA-20020301-006). In particular file_uploads and register_globals
  were disabled. This update changes these defaults back to what they
  were before the update.

SOLUTION
- --------
  Users of the EnGarde Professional edition can use the Guardian Digital
  Secure Network to update their systems automatically.

  EnGarde Community users should upgrade to the most recent version
  as outlined in this advisory. Updates may be obtained from:

    ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
    http://ftp.engardelinux.org/pub/engarde/stable/updates/

  Before upgrading the package, the machine must either:

    a) be booted into a "standard" kernel; or
    b) have LIDS disabled.

  To disable LIDS, execute the command:

    # /sbin/lidsadm -S -- -LIDS_GLOBAL

  To install the updated package, execute the command:

    # rpm -Uvh [files]

  You must now update the LIDS configuration by executing the command:

    # /usr/sbin/config_lids.pl

  To re-enable LIDS (if it was disabled), execute the command:

    # /sbin/lidsadm -S -- +LIDS_GLOBAL

  To verify the signatures of the updated packages, execute the command:

    # rpm -Kv [files]

UPDATED PACKAGES
- ----------------
  These updated packages are for EnGarde Secure Linux Community
  Edition.

  Source Packages:

    SRPMS/php-4.0.6-1.0.19.src.rpm
      MD5 Sum: 9a864eb3e5faaab172ce2cd4e041bd54

  Binary Packages:

    i386/mod_php-4.0.6-1.0.19.i386.rpm
      MD5 Sum: f93a1d3bbd5c2d2b4d2e44e360d81909

    i386/php-4.0.6-1.0.19.i386.rpm
      MD5 Sum: f9727a78f7f6951ded75f16767023ab5

    i686/mod_php-4.0.6-1.0.19.i686.rpm
      MD5 Sum: e8cbd17324801abf8e690d52281de8df

    i686/php-4.0.6-1.0.19.i686.rpm
      MD5 Sum: efa4216de497ac373927ddf8eccae2fb

REFERENCES
- ----------
  Guardian Digital's public key:
    http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY

  PHP's Official Web Site:
    http://www.php.net/

  Security Contact: security@guardiandigital.com
  EnGarde Advisories: http://www.engardelinux.org/advisories.html

- --------------------------------------------------------------------------
$Id: EBA-20020515-011-php,v 1.1 2002/05/15 18:55:04 rwm Exp $
- --------------------------------------------------------------------------
Author: Ryan W. Maple <ryan@guardiandigital.com>
Copyright 2002, Guardian Digital, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE84q9IHD5cqd57fu0RArtfAJ9ZNbcxcqITaO3NzgJCTMAhX+0HDgCff6Lo
L5v75b2byf56Wa8i4cKrt/M=
=YukZ
-----END PGP SIGNATURE-----

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH