Good morning all! I was just checking out some info on the PHP vulnerabilities and found a few things.
1) There is a patch release to PHP 4.1.2 which apparently addresses the PHP vulnerabilities 2) Even if you're running PHP scripts that do not utilize file uploads, you're still vulnerable unless you disable the file uploads on line 249 of the php.ini (line 249 in PHP 4.1.1 that is) and... 3) if you DO disable the file uploads in php.ini, you can't send messages through webmail. As soon as re-enabled file uploads, I could send messages again. Has anyone (Dan Brown? Darrell May?) been poking around with the PHP 4.1.2 patch available at http://www.php.net/downloads.php ? Ari -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
