We are pleased to provide the following PHP 4.3.10 RPM's for Fedora Core 1 and RHEL 3.
Recently a serious exploitable issue was discovered in PHP (the scripting language in which phpBB, IPB, vB, etc. are written) versions prior to 4.3.10. The problematical functions include unserialize and realpath. phpBB (along with a great many other scripts including IPB, vB, etc.) use these two functions as a matter of course.
Installation is via rpm -
rpm -Uvh (rpms you need).
You can check which ones you have installed via
rpm -qa | grep php-
If you need any help, feel free to ask.
Red Hat Enterprise Linux 3 (RHEL3) Packages
php-4.3.10-1.1.rhel3.ct.i386.rpm - 56186602001780dabd715bf293ebaf7e
php-debuginfo-4.3.10-1.1.rhel3.ct.i386.rpm - ed5e45769bcaed311b56cf97d74476d9
php-devel-4.3.10-1.1.rhel3.ct.i386.rpm - 81315de8010ef2258bed2daa9901dc47
php-domxml-4.3.10-1.1.rhel3.ct.i386.rpm - 0691b3c60401f4e24d5590d95b1d7ae6
php-imagick-4.3.10-1.1.rhel3.ct.i386.rpm - 51c467849edf2188c348363ca46bbfb2
php-imap-4.3.10-1.1.rhel3.ct.i386.rpm - c8e38dabda22d53e839a5044b11138ee
php-ldap-4.3.10-1.1.rhel3.ct.i386.rpm - a58707d46085baa0327f80086e8d7c55
php-mbstring-4.3.10-1.1.rhel3.ct.i386.rpm - 3852f2df6f296e7dc0ff48146013ebe9
php-mcrypt-4.3.10-1.1.rhel3.ct.i386.rpm - c6cb7d34995cd5500b489e5de09c8b73
php-mhash-4.3.10-1.1.rhel3.ct.i386.rpm - 7cc58abe188230facf99b6e75710915e
php-mysql-4.3.10-1.1.rhel3.ct.i386.rpm - 759a0a7a1e26bafd45c3d298df819036
php-odbc-4.3.10-1.1.rhel3.ct.i386.rpm - 6554b24cc77624ed7a5ed30b28277a69
php-pgsql-4.3.10-1.1.rhel3.ct.i386.rpm - a519447ebdccdd8df175c9c344f481dd
php-snmp-4.3.10-1.1.rhel3.ct.i386.rpm - 13564985e94e5b9771ca3c7f2c1de2e9
php-xmlrpc-4.3.10-1.1.rhel3.ct.i386.rpm - 964a559c89f06737e134031ae9d5a835
php-xslt-4.3.10-1.1.rhel3.ct.i386.rpm - 1bd08399856dbc0ef5af598581a3def6
Fedora Core 1 Packages:
php-4.3.10-1.1.rhfc.ct.i386.rpm - e7e2d9d652eba7c4f8d25673100420f7
php-devel-4.3.10-1.1.rhfc.ct.i386.rpm - 2bc01b5f25879d9538f292a85adda78d
php-domxml-4.3.10-1.1.rhfc.ct.i386.rpm - 9e471da41bceab9eab32370f3c2b8c24
php-imagick-4.3.10-1.1.rhfc.ct.i386.rpm - 72f668e6a7d4fb644c7962921123f017
php-imap-4.3.10-1.1.rhfc.ct.i386.rpm - e9de41711251494e52a1304fcb13720a
php-ldap-4.3.10-1.1.rhfc.ct.i386.rpm - 0866402d2c10a1ba447a653ad07120ef
php-mbstring-4.3.10-1.1.rhfc.ct.i386.rpm - e6f5154a2e1a681fbff43c26f64e7c17
php-mcrypt-4.3.10-1.1.rhfc.ct.i386.rpm - 20529529cd470fbb5c15c62e6be99fae
php-mhash-4.3.10-1.1.rhfc.ct.i386.rpm - bfa55a5b815546569ab8c6967281f051
php-mysql-4.3.10-1.1.rhfc.ct.i386.rpm - 8e111964f263d8b6c6c47557a31cf7b1
php-odbc-4.3.10-1.1.rhfc.ct.i386.rpm - 6aa8a4f27004e04252279aa6ee722c5b
php-pgsql-4.3.10-1.1.rhfc.ct.i386.rpm - 5b46caf5efb627a0517e9f63be78eb4c
php-snmp-4.3.10-1.1.rhfc.ct.i386.rpm - 37e344d9ba421929e4e2ae8946f8a14e
php-xmlrpc-4.3.10-1.1.rhfc.ct.i386.rpm - 53a164b600f22f4ef619b455f4f2ea64
php-xslt-4.3.10-1.1.rhfc.ct.i386.rpm - 6828338325a53146fdcce03255d7be33
Full Version: PHP 4.3.10 for RHEL 3 / Fedora Core 1 Systems
No luck. Any other ideas?
[root@srv01 php]# rpm -Uvh *
error: Failed dependencies:
php-mbstring = 4.3.10-1.1.rhel3.ct is needed by php-4.3.10-1.1.rhel3.ct
php = 4.3.10-1.1.rhfc.ct is needed by php-imap-4.3.10-1.1.rhfc.ct
php = 4.3.10-1.1.rhfc.ct is needed by php-ldap-4.3.10-1.1.rhfc.ct
php = 4.3.10-1.1.rhfc.ct is needed by php-mbstring-4.3.10-1.1.rhfc.ct
libmcrypt is needed by php-mcrypt-4.3.10-1.1.rhfc.ct
libmcrypt.so.4 is needed by php-mcrypt-4.3.10-1.1.rhfc.ct
php = 4.3.10-1.1.rhfc.ct is needed by php-mcrypt-4.3.10-1.1.rhfc.ct
libmhash is needed by php-mhash-4.3.10-1.1.rhfc.ct
libmhash.so.2 is needed by php-mhash-4.3.10-1.1.rhfc.ct
php = 4.3.10-1.1.rhfc.ct is needed by php-mhash-4.3.10-1.1.rhfc.ct
php = 4.3.10-1.1.rhfc.ct is needed by php-mysql-4.3.10-1.1.rhfc.ct
php = 4.3.10-1.1.rhfc.ct is needed by php-odbc-4.3.10-1.1.rhfc.ct
php = 4.3.10-1.1.rhfc.ct is needed by php-pgsql-4.3.10-1.1.rhfc.ct
php = 4.3.10-1.1.rhfc.ct is needed by php-snmp-4.3.10-1.1.rhfc.ct
php = 4.3.10-1.1.rhfc.ct is needed by php-xmlrpc-4.3.10-1.1.rhfc.ct
libjs.so is needed by php-xslt-4.3.10-1.1.rhfc.ct
libsablot.so.0 is needed by php-xslt-4.3.10-1.1.rhfc.ct
php = 4.3.10-1.1.rhfc.ct is needed by php-xslt-4.3.10-1.1.rhfc.ct
sablotron > 1.0 is needed by php-xslt-4.3.10-1.1.rhfc.ct
[root@srv01 php]# rpm -Uvh php-4.3.10-1.1.rhel3.ct.i386.rpm php-imap-4.3.10-1.1.rhfc.ct.i386.rpm php-ldap-4.3.10-1.1.rhfc.ct.i386.rpm php-mysql-4.3.10-1.1.rhfc.ct.i386.rpm
error: Failed dependencies:
php-mbstring = 4.3.10-1.1.rhel3.ct is needed by php-4.3.10-1.1.rhel3.ct
php = 4.3.10-1.1.rhfc.ct is needed by php-imap-4.3.10-1.1.rhfc.ct
php = 4.3.10-1.1.rhfc.ct is needed by php-ldap-4.3.10-1.1.rhfc.ct
php = 4.3.10-1.1.rhfc.ct is needed by php-mysql-4.3.10-1.1.rhfc.ct
[root@srv01 php]#
[root@srv01 php]# rpm -Uvh *
error: Failed dependencies:
php-mbstring = 4.3.10-1.1.rhel3.ct is needed by php-4.3.10-1.1.rhel3.ct
php = 4.3.10-1.1.rhfc.ct is needed by php-imap-4.3.10-1.1.rhfc.ct
php = 4.3.10-1.1.rhfc.ct is needed by php-ldap-4.3.10-1.1.rhfc.ct
php = 4.3.10-1.1.rhfc.ct is needed by php-mbstring-4.3.10-1.1.rhfc.ct
libmcrypt is needed by php-mcrypt-4.3.10-1.1.rhfc.ct
libmcrypt.so.4 is needed by php-mcrypt-4.3.10-1.1.rhfc.ct
php = 4.3.10-1.1.rhfc.ct is needed by php-mcrypt-4.3.10-1.1.rhfc.ct
libmhash is needed by php-mhash-4.3.10-1.1.rhfc.ct
libmhash.so.2 is needed by php-mhash-4.3.10-1.1.rhfc.ct
php = 4.3.10-1.1.rhfc.ct is needed by php-mhash-4.3.10-1.1.rhfc.ct
php = 4.3.10-1.1.rhfc.ct is needed by php-mysql-4.3.10-1.1.rhfc.ct
php = 4.3.10-1.1.rhfc.ct is needed by php-odbc-4.3.10-1.1.rhfc.ct
php = 4.3.10-1.1.rhfc.ct is needed by php-pgsql-4.3.10-1.1.rhfc.ct
php = 4.3.10-1.1.rhfc.ct is needed by php-snmp-4.3.10-1.1.rhfc.ct
php = 4.3.10-1.1.rhfc.ct is needed by php-xmlrpc-4.3.10-1.1.rhfc.ct
libjs.so is needed by php-xslt-4.3.10-1.1.rhfc.ct
libsablot.so.0 is needed by php-xslt-4.3.10-1.1.rhfc.ct
php = 4.3.10-1.1.rhfc.ct is needed by php-xslt-4.3.10-1.1.rhfc.ct
sablotron > 1.0 is needed by php-xslt-4.3.10-1.1.rhfc.ct
[root@srv01 php]# rpm -Uvh php-4.3.10-1.1.rhel3.ct.i386.rpm php-imap-4.3.10-1.1.rhfc.ct.i386.rpm php-ldap-4.3.10-1.1.rhfc.ct.i386.rpm php-mysql-4.3.10-1.1.rhfc.ct.i386.rpm
error: Failed dependencies:
php-mbstring = 4.3.10-1.1.rhel3.ct is needed by php-4.3.10-1.1.rhel3.ct
php = 4.3.10-1.1.rhfc.ct is needed by php-imap-4.3.10-1.1.rhfc.ct
php = 4.3.10-1.1.rhfc.ct is needed by php-ldap-4.3.10-1.1.rhfc.ct
php = 4.3.10-1.1.rhfc.ct is needed by php-mysql-4.3.10-1.1.rhfc.ct
[root@srv01 php]#
You only need to install the rpm's you currently have installed (check rpm -qa | grep php- ) and php-mbstring dependency
You do not need the mcrypt, imap or mhash rpm's if you don't use these items
You do not need the mcrypt, imap or mhash rpm's if you don't use these items
Hi gpan
Tried to upgrade my PHP last night. I have RHEL 3 ES, a dual xeon 2.4 with 2gigs of ram. All good,installed the php rpms i needed, along with the latest zend optimizer. Restart apache, on the test page and the binary, version reported 4.3.10. When i opened a browser and pointed to my main site, just a blank page appeared. No other errors logged or something like that.
Any ideas ? I cannot test it much, because downtime more than 20 mins for my main site means a lot of money lost
Tried to upgrade my PHP last night. I have RHEL 3 ES, a dual xeon 2.4 with 2gigs of ram. All good,installed the php rpms i needed, along with the latest zend optimizer. Restart apache, on the test page and the binary, version reported 4.3.10. When i opened a browser and pointed to my main site, just a blank page appeared. No other errors logged or something like that.
Any ideas ? I cannot test it much, because downtime more than 20 mins for my main site means a lot of money lost
Checked PHP-mysql.
Redhat has an update here: https://rhn.redhat.com/errata/RHSA-2004-687.html and this seems to work fine for me. As for blank page go to you php.ini and set to E_ALL and make sure some errors are not being hidden from you.
Hello, I am very paranoid about the upgrade of php on our system. Mainly because I prefer to build things from scratch and I do not really like using RPMs and/or the Ensim control panel that we use. Here is my system:
[root@srv1 rh-rpm]# cat /etc/redhat-release
Red Hat Enterprise Linux ES release 3 (Taroon)
I was unable to get any sort of service via up2date, so I started looking in these posts for RPMs and found this post as well as the link to the RH errata, but I dont have access to those RPMs.
I did google the filenames and found all the RPMs listed in the RH erratta, HOWEVER, they don't match the md5sum, which makes me even more nervoues.
So I ran this command to see what php rpm's are installed.
[root@srv1 rh-rpm]# rpm -qa | grep php-
php-imap-4.3.2-8.ent
php-mysql-4.3.2-8.ent
php-ldap-4.3.2-8.ent
php-pgsql-4.3.2-8.ent
webppliance-mod_php-3.7.0-21
webppliance-mod_php-frontend-3.7.0-21
php-4.3.2-8.ent
php-httpd13-4.3.2-8ensim1
I have RPMs of 4.3.2-19 for all of them except the last one and the webliance 2. and that is the one that scares me the most, because I am far from an ensim expert
Has anyone with the same system as me, made this upgrade?
thank you
[root@srv1 rh-rpm]# cat /etc/redhat-release
Red Hat Enterprise Linux ES release 3 (Taroon)
I was unable to get any sort of service via up2date, so I started looking in these posts for RPMs and found this post as well as the link to the RH errata, but I dont have access to those RPMs.
I did google the filenames and found all the RPMs listed in the RH erratta, HOWEVER, they don't match the md5sum, which makes me even more nervoues.
So I ran this command to see what php rpm's are installed.
[root@srv1 rh-rpm]# rpm -qa | grep php-
php-imap-4.3.2-8.ent
php-mysql-4.3.2-8.ent
php-ldap-4.3.2-8.ent
php-pgsql-4.3.2-8.ent
webppliance-mod_php-3.7.0-21
webppliance-mod_php-frontend-3.7.0-21
php-4.3.2-8.ent
php-httpd13-4.3.2-8ensim1
I have RPMs of 4.3.2-19 for all of them except the last one and the webliance 2. and that is the one that scares me the most, because I am far from an ensim expert
Has anyone with the same system as me, made this upgrade?
thank you
Hello, I just installed the php update on my machine.
Which is RHel 4.01.
Unfortunately now I get a Connection refused when trying to log into my control panel. I know it worked prior. Any ideas on how to fix this?
Here is my Grep of php
php-imagick-4.3.10-1.1.rhel3.ct
php-ldap-4.3.10-1.1.rhel3.ct
php-imap-4.3.10-1.1.rhel3.ct
php-httpd13-4.3.2-8ensim1
php-pgsql-4.3.10-1.1.rhel3.ct
php-4.3.10-1.1.rhel3.ct
webppliance-mod_php-frontend-4.0.0-14.rhel
php-mysql-4.3.10-1.1.rhel3.ct
webppliance-mod_php-4.0.0-14.rhel **Why is this still php 4.0?
php-mbstring-4.3.10-1.1.rhel3.ct
Which is RHel 4.01.
Unfortunately now I get a Connection refused when trying to log into my control panel. I know it worked prior. Any ideas on how to fix this?
Here is my Grep of php
php-imagick-4.3.10-1.1.rhel3.ct
php-ldap-4.3.10-1.1.rhel3.ct
php-imap-4.3.10-1.1.rhel3.ct
php-httpd13-4.3.2-8ensim1
php-pgsql-4.3.10-1.1.rhel3.ct
php-4.3.10-1.1.rhel3.ct
webppliance-mod_php-frontend-4.0.0-14.rhel
php-mysql-4.3.10-1.1.rhel3.ct
webppliance-mod_php-4.0.0-14.rhel **Why is this still php 4.0?
php-mbstring-4.3.10-1.1.rhel3.ct
That is normal - have you tried restarting ensim?. And did it resave first.
Funny thing is, i did not do a webpliance restart, but I rebooted. Then
it still did not work, So I did a webpliance restart from the command line and it worked fine.
Excellent job Gpan. Thanks
it still did not work, So I did a webpliance restart from the command line and it worked fine.
Excellent job Gpan. Thanks
hello Gpan,
I have upgraded php on my servers, but many of my customers get now php errors in there scripts.
How can i get back to the old version of php?
My system:
Fedora linux core 1
Ensim pro 4.02
Thanks.
I have upgraded php on my servers, but many of my customers get now php errors in there scripts.
How can i get back to the old version of php?
My system:
Fedora linux core 1
Ensim pro 4.02
Thanks.
Did you upgrade your Zend optimizer / ioncube loader.
QUOTE
Originally posted by gpan
Did you upgrade your Zend optimizer / ioncube loader.
Did you upgrade your Zend optimizer / ioncube loader.
I dont use zend optimizer or ioncube loader on my servers.
But are the scripts?. PHP had to make changes to core functions to fix the security problem.
did it, i've upgraded it from source 
thx
thx
Hi,
I was concerned about the exploits on php, and was reading this thread. As I do the rpm qa command, I get this:
If 4.3.10 is the latest, how come I'm showing 4.3.2? I'm a bit confused.
I'm running RHES 3 with Plesk 7.5.1, all standard, no custom RPMs.
Thanks
-d
I was concerned about the exploits on php, and was reading this thread. As I do the rpm qa command, I get this:
CODE
> rpm -qa | grep php-
php-4.3.2-19.ent
php-pgsql-4.3.2-19.ent
php-ldap-4.3.2-19.ent
php-mysql-4.3.2-19.ent
php-imap-4.3.2-19.ent
php-4.3.2-19.ent
php-pgsql-4.3.2-19.ent
php-ldap-4.3.2-19.ent
php-mysql-4.3.2-19.ent
php-imap-4.3.2-19.ent
If 4.3.10 is the latest, how come I'm showing 4.3.2? I'm a bit confused.
I'm running RHES 3 with Plesk 7.5.1, all standard, no custom RPMs.
Thanks
-d
I don't know why I ever bother following this stuff. My server is completely screwed, http won't even start, all because php gave the following error:
rpm -Uvh *.rpm
error: Failed dependencies:
libaspell.so.15 is needed by php-4.3.10-1.1.rhfc.ct
libpspell.so.15 is needed by php-4.3.10-1.1.rhfc.ct
Now http won't start with this error message:
/sbin/service httpd start
Starting httpd: Syntax error on line 6 of /etc/httpd/conf.d/php.conf:
Cannot load /etc/httpd/modules/libphp4.so into server: libpspell.so.15: cannot open shared object file: No such file or directory
I don't even care about aspell. My site is down. Swell.
rpm -Uvh *.rpm
error: Failed dependencies:
libaspell.so.15 is needed by php-4.3.10-1.1.rhfc.ct
libpspell.so.15 is needed by php-4.3.10-1.1.rhfc.ct
Now http won't start with this error message:
/sbin/service httpd start
Starting httpd: Syntax error on line 6 of /etc/httpd/conf.d/php.conf:
Cannot load /etc/httpd/modules/libphp4.so into server: libpspell.so.15: cannot open shared object file: No such file or directory
I don't even care about aspell. My site is down. Swell.
Do you have aspell / pspell rpm's installed.
Yes.
I just nuked the rpms and installed PHP from source; something is clearly screwed with the RPM dependencies on my server.
I just nuked the rpms and installed PHP from source; something is clearly screwed with the RPM dependencies on my server.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.