[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Sun Update 2.0.1
- Subject: Re: [cobalt-security] Sun Update 2.0.1
- From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
- Date: Tue, 23 Apr 2002 05:08:07 +0200
- Organization: SOLARSPEED.NET
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Moin Norbert,
> Isn`t the Sun Upsate 2.0.1 a downgrade if the pkg from pkgmaster is
> installed?
Correct.
> What else then PHP is changed by this package? Does it make any sense to
> install this?
If you already got the PHP-4.1.2 from PKGmaster.com (or other sources)
installed, then it makes no sense to apply this patch. To the contrary: If
your PHP-4.1.2 has replaced gd-lib with an updated version, then the
downgrade will kill the Apache webserver as the official PHP-4.0.6 links
against a version of gd-lib which is then no longer on the server.
> I thought the pkg from pkgmaster fixes a securityhole in the Version
> provided by Sun. Why is there a older Version in the Sun PKG?
I had a small discussion with Tim and Tony (both SUN/Cobalt) on the SUN/Cobalt
webforum. According to Tim they used a fixed version of PHP-4.0.6 which does
no longer contain the security issues which the initial PHP-4.0.6 had.
> And what does this SUN PKG support? GIF PNG JPG?
It's a pretty plain PHP installation without most of the goodies which the
PKGmaster.com (or others) have. So you can safely skip this patch and save
yourself quite a headache.
--
Mit freundlichen Grüßen / With best regards
Michael Stauber
mstauber@xxxxxxxxxxxxxx
Unix/Linux Support Engineer