Re: [cobalt-security] Sun Update 2.0.1

[Michael Stauber <cobalt@xxxxxxxxxxxxxx>]

Moin Norbert,

> Isn`t the Sun Upsate 2.0.1 a downgrade if the pkg from pkgmaster is
> installed?

Correct.

> What else then PHP is changed by this package? Does it make any sense to
> install this?

If you already got the PHP-4.1.2 from PKGmaster.com (or other sources) 
installed, then it makes no sense to apply this patch. To the contrary: If 
your PHP-4.1.2 has replaced gd-lib with an updated version, then the 
downgrade will kill the Apache webserver as the official PHP-4.0.6 links 
against a version of gd-lib which is then no longer on the server.

> I thought the pkg from pkgmaster fixes a securityhole in the Version
> provided by Sun. Why is there a older Version in the Sun PKG?

I had a small discussion with Tim and Tony (both SUN/Cobalt) on the SUN/Cobalt 
webforum. According to Tim they used a fixed version of PHP-4.0.6 which does 
no longer contain the security issues which the initial PHP-4.0.6 had. 

> And what does this SUN PKG support? GIF PNG JPG?

It's a pretty plain PHP installation without most of the goodies which the 
PKGmaster.com (or others) have. So you can safely skip this patch and save 
yourself quite a headache.

-- 

Mit freundlichen Grüßen / With best regards

Michael Stauber
mstauber@xxxxxxxxxxxxxx
Unix/Linux Support Engineer