Re: advice on having php 5.2.x:

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 02/09/2012 04:16 AM, John R. Dennison wrote:
> On Thu, Feb 09, 2012 at 12:07:34PM +0200, Peter Peltonen wrote:
>> Hi,
>>
>> There is a PHP 5.2 RPM for CentoOS5 in the testing repo:
>>
>> http://dev.centos.org/centos/5/testing/SRPMS/
> This should be avoided at all costs.  Those packages have not been
> updated for ever and as a result have multiple known critical
> vulnerabilities.  Additionally, as has been pointed out repeatedly,
> these packages must be removed; the project is effectively pushing known
> vulnerable packages.
>
> Use the IUS repository and the php-5.2.17 packages they supply.  IUS is
> known and vetted and they have a commercial stake in the stability and
> integrity of the packages in that repo as they are what RackSpace makes
> available to their own paying customers.
>
> Please see http://wiki.centos.org/AdditionalResources/Repositories for
> more information and a link to the IUS repo.

For the record, those 5.2.10 php files are the latest released from here:

ftp://ftp.redhat.com/redhat/linux/enterprise/5Server/en/RHWAS/SRPMS/

Those are from the Red Hat Web Application Stack for EL5.  It gets
errata here:

https://rhn.redhat.com/errata/rhel-appstk-5-errata.html

As to whether or not you should use them, that is ... of course ... up
to you.  It is the latest released, by upstream.

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux