Date: Thu, 5 Oct 2006 23:53:30 -0400
From: "Matt Emmerton" <matt@gsicomp.on.ca>
To: <freebsd-questions@freebsd.org>, "Alain Wolf" <wolf@k18.ch>
Subject: Re: port php5 - what I am supposed to do here?
Message-ID: <00aa01c6e8fa$fe19ce90$1200a8c0@gsicomp.on.ca>
References: <eg4hu4$40i$1@sea.gmane.org>

> Hello List,
>
> Portaudit tells me about the "open_basedir Race Condition
> Vulnerability", OK.
>
> By reading the advisory on
> http://www.hardened-php.net/advisory_082006.132.html I can safely say
> this does not apply to our environment, we don't use open_basedir or
> safe_mode and Suhosin is planned anyway (after test).
>
> With a "portsnap fetch update" I get a new version php5-5.1.6_1 in my
> ports tree, OK.
>
> But "portmanager -u" or even manually with "make install clean"
> everything fails with the following message:
>
> ===> php5-5.1.6_1 has known vulnerabilities:
> => php -- open_basedir Race Condition Vulnerability.
> Reference:
> <http://www.FreeBSD.org/ports/portaudit/edabe438-542f-11db-a5ae-00508d6a62df.html>
> => Please update your ports tree and try again.
> *** Error code 1
>
> So what to do now?

You've established that the security issue doesn't apply to your environment.

1) Add "DISABLE_VULNERABILITIES=yes" to /etc/make.conf
2) Run "portupgrade -u" or "make install clean"

Regards,
--
Matt Emmerton