Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 26 Sep 2009 13:34:25 -0400
From:      Michael Powell <nightrecon@hotmail.com>
To:        freebsd-questions@freebsd.org
Subject:   Warning: PHP Update from 5.2.10 to 5.2.11 and FastCGI
Message-ID:  <h9lj9l$6si$1@ger.gmane.org>

next in thread | raw e-mail | index | archive | help
Today I did a portupgrade of PHP from 5.2.10 to 5.2.11. 

This broke both lighttpd and Apache web servers, on which I run PHP as 
FastCGI. I do not know if this affects those who use mod_php as I do not use 
it. I use mod_fcgid instead.

Execute php -v at a prompt and it will spew the following and segfault.

testbed suhosin[48982]: ALERT - canary mismatch on efree() - heap overflow 
detected (attacker 'REMOTE_ADDR not set', file 'unknown') 

If you are using FastCGI the workaround is to do make config in lang/php5 
and deselect the Suhosin option. There is something very broken in the 
Suhosin patch as far as CLI and FastCGI is concerned.

-Mike





Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?h9lj9l$6si$1>