--On October 15, 2006 12:39:11 PM -0500 Jonathan Horne <[EMAIL PROTECTED]>
wrote:
ive been scratching my head on this one for a few days too. i have a
box at home, that is running 6.2-PRERELEASE. when i try to install the
lang/php5 port, i get:
[EMAIL PROTECTED] /usr/ports/lang/php5]# make install clean
===> php5-5.1.6_1 has known vulnerabilities:
=> php -- open_basedir Race Condition Vulnerability.
Reference:
<http://www.FreeBSD.org/ports/portaudit/edabe438-542f-11db-a5ae-00508d6a
62df.html> => Please update your ports tree and try again.
*** Error code 1
Stop in /usr/ports/lang/php5.
however, my server is running the same port, with no issue whatsoever.
That's because you installed the port on the server *before* the
vulnerability was found.
[EMAIL PROTECTED] /etc/mail]# pkg_info | grep php5
php5-5.1.6_1
(and many extensions too)
perplexing that one box could have it, while another one (using the same
updated ports tree), refuses it. could be related to the code branch im
following on my workstaion versus my server?
No. It's related to the timing of when a security vulnerability was
discovered.
Paul Schmehl ([EMAIL PROTECTED])
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
