PHP Classes

Suhosin

Recommend this page to a friend!

      PHP Classes blog  >  PHP Vulnerability May...  >  All threads  >  Suhosin  >  (Un) Subscribe thread alerts  
Subject:Suhosin
Summary:Do it.
Messages:2
Author:John Kawakami
Date:2012-01-13 04:20:04
Update:2012-01-13 04:36:38
 

  1. Suhosin   Reply   Report abuse  
Picture of John Kawakami John Kawakami - 2012-01-13 04:36:38
I recommend Suhosin. It has solved a lot of problems for me. It's not as safe as using some kind of virtual server or jail, but it's pretty close.

  2. Re: Suhosin   Reply   Report abuse  
Picture of Bishop Olis Bishop Olis - 2012-01-13 08:35:54
This PHP vulnerability is officially named CVE-2011-4885 . It's a unique identifier. Redhat's own internal ticket number for this one, for instance only, is at https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4885 or https://bugzilla.redhat.com/show_bug.cgi?id=750547, the same ticket under both names. RH, again for example, has released an updated PHP kit at https://rhn.redhat.com/errata/RHSA-2012-0019.html.

But just go update your PHP installs. It's an apt-get upgrade and you're done. You should have this automated (based on your patch policy). And if you hand-compile your own stuff and spray files all over your system, well, you're probably used to watching ocert like a hawk and emerging things on 20 boxes at once as a hobby ;-)