FYI, PHP 5.5.32, 5.6.18 and PHP 7.0.3 are out:
http://php.net/archive/2016.php#id2016-02-04-3
in regards to updating the various versions and related packages in the repos.
They note that these are security releases so likely some backporting needed for the 5.4.x and 5.3.x packages as well.
Thanks.
PHP 5.5.32, 5.6.18 and PHP 7.0.3
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4152
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: PHP 5.5.32, 5.6.18 and PHP 7.0.3
Systems running the ASL kernel are immune to the security issues addressed by these releases. Please see this forum for details:
https://www.atomicorp.com/forums/viewforum.php?f=13
https://www.atomicorp.com/forums/viewforum.php?f=13
Michael Shinn
Atomicorp - Security For Everyone
Atomicorp - Security For Everyone
-
- Atomicorp Staff - Site Admin
- Posts: 8355
- Joined: Wed Dec 31, 1969 8:00 pm
- Location: earth
- Contact:
Re: PHP 5.5.32, 5.6.18 and PHP 7.0.3
Also It looks like these are all issues we had already fixed in the Jan 11 & 12 updates we put out for PHP 5.3 and 5.4. Updates for the rest should be out very soon.
Re: PHP 5.5.32, 5.6.18 and PHP 7.0.3
Scott:
Thanks. Good to hear that the security updates were already fixed based on the January updates for PHP 5.3.x and 5.4.x.
Were the January updates intentionally patched for the security updates in 5.5.32 and 5.6.18 based on the pre-release versions or was it a by-product of other fixes?
Thanks.
Thanks. Good to hear that the security updates were already fixed based on the January updates for PHP 5.3.x and 5.4.x.
Were the January updates intentionally patched for the security updates in 5.5.32 and 5.6.18 based on the pre-release versions or was it a by-product of other fixes?
Thanks.
-
- Atomicorp Staff - Site Admin
- Posts: 8355
- Joined: Wed Dec 31, 1969 8:00 pm
- Location: earth
- Contact:
Re: PHP 5.5.32, 5.6.18 and PHP 7.0.3
It was a mix, we were out ahead of them based on some published security research from other sources, and others they had addressed in their git repo. Internally the PHP team does a pretty good job on getting these into SCM, you'll note that these don't even have CVE numbers yet.
Re: PHP 5.5.32, 5.6.18 and PHP 7.0.3
Thanks for the clarification.