Re: [suse-security] problems with pcre functions after php update
From: Marcus Meissner (meissner at suse.de)
Date: Wed Aug 31 2005 - 04:50:29 CDT
On Wed, Aug 31, 2005 at 11:46:39AM +0200, Frank Huebsch wrote:
> Marcus Meissner wrote:
>
> >On Wed, Aug 31, 2005 at 12:08:04AM +0200, David Huecking wrote:
> >
> >
> >>On Tuesday 30 August 2005 18:44, Marcus Meissner wrote:
> >>
> >>
> >>>On Tue, Aug 30, 2005 at 06:30:07PM +0200, Andy Spiers wrote:
> >>>
> >>>
> >>>>Hi,
> >>>>
> >>>>We've just applied the updated packages from the security announcement
> >>>>SUSE-SA:2005:049 that came out about 2 hours ago and we're seeing errors
> >>>>in PCRE functions in a PHP application that was working fine before. Is
> >>>>anyone else having the same problems?
> >>>>
> >>>>Here's an example of the error generated:
> >>>>PHP Warning: preg_match: internal pcre_fullinfo() error -3 in
> >>>>/srv/www/htdocs/netcat/modules/stats/function.inc.php on line 28
> >>>>
> >>>>Here's line 28 from the file mentioned - it looks perfectly fine to me:
> >>>>if (preg_match("/(netscape|mozilla|links|lynx|opera|msie|konqueror)/i",$HTTP_USER_AGENT)) {
> >>>>
> >>>>Looking on google gives me the impression that many people have seen
> >>>>this bug and unfortunately the PHP team's answer seems to be "use the
> >>>>internal/included PCRE library and not the system one".
> >>>>
> >>>>Do the guys from SuSE or anyone else have any comments on this or
> >>>>ideas on how to solve it? For the moment I've rolled back to the old
> >>>>versions of the RPMs.
> >>>>
> >>>>
> >>>Yes, please roll back to the old versions.
> >>>
> >>>We have removed the patches on our master update staging server already,
> >>>so you should get the old version via YOU again (in some minutes after
> >>>the mirrors pick it up).
> >>>
> >>>Our testing did not find the problematic use of the apache2 builtin pcre
> >>>library, which causes php4 to crash.
> >>>
> >>>We will issue fixed updates within the next day(s).
> >>>
> >>>
> >>I still find the "new" php-RPMs on the SuSE-ftp-server and its mirror
> >>ftp.gwdg.de?! - Or is something wrong with my eyes (or my ftp-program...)?
> >>e.g.
> >>ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/
> >>There is still
> >>apache2-mod_php4.rpm
> >>linked to the buggy
> >>apache2-mod_php4-4.3.3-194.i586.rpm
> >>with the md5-sum announced in the advisory...
> >>
> >>In which way the update is "disabled?"/ "removed from the masterserver"?
> >>
> >>I rolled back the php4 on a SuSE 9.0 based server, but I can't find any older
> >>packages anymore for a SuSE 9.2 based system.
> >>
> >>So please enlighten me... 8-)
> >>
> >>
> >
> >We rolled it back for the online update tool, which will not show and not
> >download the broken patches (in the patches/directory.3 file).
> >
> >The broken RPMs still exist on the mirrors.
> >
> >Ciao, Marcus
> >
> >
> >
> ... and those are obviously being discovered by fou4s.
>
> People using fou4s should add pcre to the list of updates to ignore.
> For SuSE Linux 9.3 add the following line to your /etc/fou4s.conf:
> IgnoreList=pcre-5.0-3.2
No.
The pcre update is fine and totally unrelated to the PHP problems.
Ciao, Marcus