Install package PHP Vulnerability: CVE-2015-4601

Hi,

Can anyone help with applying the patch "PHP Vulnerability: CVE-2015-4601" on the CentOS 6.8 platform?

How can I install this patch from the command line using "yum" or "rpm"? Do I need to download it, or is there a direct command?

Thanks in advance.

Regards,
FSPalero

According to Red Hat's knowledge base, this should be fixed in php-5.3.3-46 or later.

Check your installed version with

# rpm -q php
php-5.3.3-48.el6_8.i686

If the installed version is too low, run

# yum update "php*"

After that you should restart your webserver to load the new PHP module.

Hi Hergp,

I tried the command you gave me for this step:

sysadmin@app [~]# rpm -q php
package php is not installed

sysadmin@app [~]# php -version
PHP 5.5.37 (cli) (built: Jul 25 2016 19:19:08)
Copyright (c) 1997-2015 The PHP Group
Zend Engine v2.5.0, Copyright (c) 1998-2015 Zend Technologies

Regards,
Ferdie

This output shows that php was not installed using a package manager on your system. Someone compiled and installed php from source. Therefore there is no way to update your installation using yum or rpm.

You have to download, configure, compile and install php again from source. Version 5.6.7 or higher is required to fix this vulnerability.

Another possibility is to delete the manually installed php version and reinstall a current version from a third-party yum repository like remi (Remi's RPM repository) or webtatic (Webtatic.com). You have to check first whether the manual install was done for a special reason which cannot be covered by the standard rpm packages.
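
The check walked through in the answers above, as an added shell example that is not part of the original thread or any poster's code: it separates an RPM-owned php binary from a source build and compares a source build's upstream version with a minimum. The function names are hypothetical, and the default minimum of 5.6.7 is the figure given in the answer above.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the thread.

# Print the upstream version from `php -v` output read on stdin.
parse_php_version() {
    sed -n '1s/^PHP \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# version_ge A B: succeed when dotted version A >= B, compared field by field.
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        if [ "$a" = "$fa" ]; then a=; else a=${a#*.}; fi
        if [ "$b" = "$fb" ]; then b=; else b=${b#*.}; fi
        fa=${fa:-0}; fb=${fb:-0}
        [ "$fa" -gt "$fb" ] && return 0
        [ "$fa" -lt "$fb" ] && return 1
    done
    return 0
}

# assess VERSION OWNER MIN: OWNER is the package owning the binary, or empty.
# For an RPM build the package release decides (the thread cites
# php-5.3.3-46 as fixed), so the upstream number is not compared.
assess() {
    if [ -n "$2" ]; then
        echo "rpm-managed: $2, update with yum and check the package release"
    elif version_ge "$1" "$3"; then
        echo "source-build: $1 meets $3"
    else
        echo "source-build: $1 is below $3, rebuild or move to packages"
    fi
}

# Inspect the php on PATH; the default minimum is the figure from the thread.
check_local_php() {
    bin=$(command -v php) || { echo "php not found on PATH"; return 2; }
    ver=$("$bin" -v 2>/dev/null | parse_php_version)
    owner=$(rpm -qf "$bin" 2>/dev/null) || owner=
    assess "$ver" "$owner" "${1:-5.6.7}"
}

# Constructed input: the `php -v` line posted in the thread, with no RPM owner.
sample='PHP 5.5.37 (cli) (built: Jul 25 2016 19:19:08)'
assess "$(printf '%s\n' "$sample" | parse_php_version)" "" 5.6.7
```

Call `check_local_php` on the server itself to run the same classification against the php binary found on PATH.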

Hi Hergp,

Great! Many thanks for the help.

Regards,
FSPalero