From php.net:
The PHP development team would like to announce the immediate availability of PHP 5.3.5 and 5.2.17.

This release resolves a critical issue, reported as PHP bug #53632 and CVE-2010-4645, where conversions from string to double might cause the PHP interpreter to hang on systems using x87 FPU registers.

The problem is known to only affect x86 32-bit PHP processes, regardless of whether the system hosting PHP is 32-bit or 64-bit. You can test whether your system is affected by running this script (http://php.net/distributions/test_bug53632.txt) from the command line.

All users of PHP are strongly advised to update to these versions immediately.

I found the same bug, http://www.infoworld.com/d/security-central/php-floating-point-bug-fixed-887?source=footer

When does directadmin update php packages? build update still hangs on 5.2.16 :eek:

What do you mean when does? You have to do it yourself. Its not a robot that knows when things need to be updated.

cd /usr/local/directadmin/custombuild
./build update
./build clean
./build update_versions

I suppose, Suurbier meant, that custombuild suggest 5.2.16 as latest version:


Latest version of PHP5 (CGI): 5.2.16
Installed version of PHP5 (CGI): 5.2.16

I suppose, Suurbier meant, that custombuild suggest 5.2.16 as latest version:
Exactly, says 16 for me too......

I guess we can d/l 17 from php.net and md5 the versions.txt

The problem is known to only affect x86 32-bit PHP processes, regardless of whether the system hosting PHP is 32-bit or 64-bit. You can test whether your system is affected by running this script (http://php.net/distributions/test_bug53632.txt) from the command line.

When I upload the test file and run it in my webbrowser, I get this message: «Please run this test from CLI!»

What command should I use to run it from Putty?

What command should I use to run it from Putty?
php <path to file>

Thank you, Peter! It seems my server is not affected as I get this message at the bottom: «Your system seems to be safe.»

5.2.13 seems to be safe.... Hmmmmm

Looks like 5.2.17 is now in custombuild.

not so serious for 64bit users, every server I ran the test script on said it's safe.

I get this error when i want to php update:

checking for MySQL UNIX socket location... no
checking for mysql_close in -lmysqlclient... no
checking for mysql_error in -lmysqlclient... no
configure: error: mysql configure failed. Please check config.log for more information.

I do this cd /usr/local/directadmin/custombuild
./build update
./build clean
./build update_versions

php -v
PHP 5.2.12 (cli) (built: Feb 12 2010 22:49:38)
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies
with the ionCube PHP Loader v3.1.32, Copyright (c) 2002-2007, by ionCube Ltd.

Trying install :
yum install mysql-devel , (is already install)
and
./build all (same error)

mysqld Ver 5.0.37-standard-log

Updated from 5.2.16 to 5.2.17 without problems :)

I've get an error on updating PHP 5.3 with custombuild 1.2:


Wrong php5_ver value set in /usr/local/directadmin/custombuild/options.conf

Here my config:


#PHP settings. default_php possible values - 4 or 5, php5_ver - 5.2 or 5.3
default_php=5
php5_ver=5.3
php4_cli=no
php4_cgi=no
php5_cli=yes
php5_cgi=no
zend=no


I think the problem is that the PHP 5.3 check in the latest build script (1.2.15) is gone.

Try updating the CustomBuild script and please let me know if you still have the problem. Thank you :)

Martynas, can you help me with the following question? How to install PHP 5.2 and 5.3 together (http://www.directadmin.com/forum/showthread.php?t=39017)

Try updating the CustomBuild script and please let me know if you still have the problem. Thank you :)
Problem solved, thnx!

There is no suhosin patch for 5.2.17 yet. I upgraded to 5.2.17 and now must downgrade back to 5.2.16 for suhosin patch.

I was wandering what's better: a little bit older but patched or newer with resolved critical issue but unpatched :)

I do find it ironic that suhosin the champions of security are so slow with updates, they then leave peopel with a choice of either staying out of date on php for weeks/months or upgrading with no suhosin.

I would suggest if the newer php fixes a security related flaw, then upgrade to it and live without suhosin in the interim, it may also be possible to have the older patch work with newer php.

the issue 5.2.17 fixes doesnt affect 64bit servers.