[Toolserver-l] Restart of apache and updating of php on cassini

DaB. WP at daniel.baur4.info
Fri Nov 27 20:49:40 UTC 2009


Hello all,

The Debian security folks updated php because of some security problems (if 
you would like details, I added the report below). The update requires an update and 
restart of apache too.

For this reason, I will update and restart php and apache on cassini tonight 
(between 1 and 2 o'clock UTC). The "downtime" of apache should be only a few 
minutes at maximum. You can see the progress at [1].

Sincerely,
DaB.

[1] https://jira.toolserver.org/browse/MNT-16


--- News for php5 (php-pear php5 php5-cgi php5-cli php5-common php5-curl
php5-gd php5-mysql php5-pgsql) ---
php5 (5.2.6.dfsg.1-1+lenny4) stable-security; urgency=high

  * Maximum number of file uploads per request limited

  To prevent Denial of Service attacks by exhausting the number of
  available temporary file names, the max_file_uploads option
  introduced in PHP 5.3.1 has been backported.

  Due to the nature of this new option a default limit has been set
  to 50, hoping it is sensible enough to not to cause disruptions on
  existing services.
  The value of this new limit can be changed in the php.ini file.

  If you installed the php5-suhosin extension there was a limiting
  mechanism in place already. In this case you may want to make sure
  the new limit imposed by PHP itself is not smaller than suhosin's.

 -- Raphael Geissert <geissert at debian.org>  Sat, 21 Nov 2009 18:13:48 -0600

--- Changes for php5 (php-pear php5 php5-cgi php5-cli php5-common php5-curl 
php5-gd php5-mysql php5-pgsql) ---
php5 (5.2.6.dfsg.1-1+lenny4) stable-security; urgency=high

  * CVE-2009-2687: DoS via malformed JPEG images with invalid offset fields
      (Closes: #535888)
  * CVE-2009-2626: remote memory disclosure via ini_* functions
      (Closes: #540605)
  * CVE-2009-3292: multiple missing checks processing exif image data
  * CVE-2009-3291: improper handling of nul character in CommonName fields
      of X509 certificates
  * max_file_uploads: prevent, by limiting, temporary files exhaustion DoS
  * Add an entry to debian/NEWS about the new per-request file uploads limit

 -- Raphael Geissert <geissert at debian.org>  Sat, 21 Nov 2009 18:28:12 -0600

-- 
wp-blog.de
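
Added example, not part of the original message or the Debian changelog: a Python check for the situation the NEWS entry describes, merging ini files in load order and comparing max_file_uploads with suhosin's upload limit. The directive name suhosin.upload.max_uploads, its default of 25 and the sample ini contents are assumptions.

```python
import re

PHP_DEFAULT = 50      # default of the backported max_file_uploads, per the NEWS entry
SUHOSIN_DEFAULT = 25  # assumption: suhosin's default for suhosin.upload.max_uploads

ASSIGN = re.compile(r'^\s*([A-Za-z0-9_.]+)\s*=\s*"?([^";]*)"?')

def parse_ini(text):
    """Parse PHP-style ini text into (settings, extensions); later lines win."""
    settings, extensions = {}, []
    for line in text.splitlines():
        if line.strip().startswith((";", "[")):   # comment or section header
            continue
        m = ASSIGN.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if key == "extension":                    # may legitimately repeat
            extensions.append(value)
        else:
            settings[key] = value
    return settings, extensions

def upload_limits(ini_texts):
    """Merge ini files in load order and compare PHP's limit with suhosin's."""
    merged, loaded = {}, []
    for text in ini_texts:
        settings, extensions = parse_ini(text)
        merged.update(settings)
        loaded.extend(extensions)
    php = int(merged.get("max_file_uploads", PHP_DEFAULT))
    suhosin = None
    if any("suhosin" in ext for ext in loaded):
        suhosin = int(merged.get("suhosin.upload.max_uploads", SUHOSIN_DEFAULT))
    return {
        "php": php,
        "suhosin": suhosin,
        # a request is cut off by whichever limit is reached first
        "effective": php if suhosin is None else min(php, suhosin),
        # the case the NEWS entry warns about: PHP's limit below suhosin's
        "php_below_suhosin": suhosin is not None and php < suhosin,
    }

# Constructed sample files, in the order PHP would read them.
PHP_INI = "[PHP]\n; constructed sample\nfile_uploads = On\nupload_max_filesize = 2M\n"
SUHOSIN_INI = "extension=suhosin.so\nsuhosin.upload.max_uploads = 100 ; raised earlier\n"
OVERRIDE_INI = "max_file_uploads = 100\n"

if __name__ == "__main__":
    print(upload_limits([PHP_INI, SUHOSIN_INI]))
    print(upload_limits([PHP_INI, SUHOSIN_INI, OVERRIDE_INI]))
```
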