Hi,
I've been asked to look at the OpenPKG-SA-2003.010-php security
advisory to see whether it affects our installation of Apache
1.3.27(which we obtained directly from the apache web site).
The advisisory seems to say that the problem is specifically with PHP
(which we do not use), but it lists
Am I right in assuming that that the packages listed above are
packages
that OpenPKG have put together themselves
correct.
With apache from OpenPkg you can choose at build time which external
stuff you want to include. Among this stuff is mod_php. Thus apache
from OpenPKG might is affected if
--- Ingo T. Storm [EMAIL PROTECTED] wrote:
With apache from OpenPkg you can choose at build time which external
stuff you want to include. Among this stuff is mod_php. Thus apache
from OpenPKG might is affected if you build it with php, while plain
apache (from apache.org) or OpenPKG apache
Thanks Ingo.
you're welcome.
So is PHP actually *inside* the OpenPKG apache package;
mod_php is in the OpenPKG apache package. (as is mod_ssl and the
like). This means that when any of the packages contained has an
update, the container package will have to be updated. This is the
reason why
On Wed, Mar 12, 2003, Ingo T. Storm wrote:
mod_php is in the OpenPKG apache package. (as is mod_ssl and the
like). This means that when any of the packages contained has an
update, the container package will have to be updated. This is the
reason why you see both apache and the standalone php
Ingo and Michael, thanks once again. That clarifies thinks nicely.
Regards
Colin
__
Do you Yahoo!?
Yahoo! Web Hosting - establish your business online
http://webhosting.yahoo.com
Some clarification.
Does this meanm that I got the picture completely wrong or was I only
wrong in this case where only _php as a cgi_ is vulnerable and not the
mod_php resulting from building apache with_php?
Thanks!
Ingo
__