Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 26 Sep 2009 13:34:25 -0400
From:      Michael Powell <>
Subject:   Warning: PHP Update from 5.2.10 to 5.2.11 and FastCGI
Message-ID:  <h9lj9l$6si$>

Next in thread | Raw E-Mail | Index | Archive | Help
Today I did a portupgrade of PHP from 5.2.10 to 5.2.11. 

This broke both lighttpd and Apache web servers, on which I run PHP as 
FastCGI. I do not know if this affects those who use mod_php as I do not use 
it. I use mod_fcgid instead.

Execute php -v at a prompt and it will spew the following and segfault.

testbed suhosin[48982]: ALERT - canary mismatch on efree() - heap overflow 
detected (attacker 'REMOTE_ADDR not set', file 'unknown') 

If you are using FastCGI the workaround is to do make config in lang/php5 
and deselect the Suhosin option. There is something very broken in the 
Suhosin patch as far as CLI and FastCGI is concerned.


Want to link to this message? Use this URL: <$6si$1>