I have been Googling everywhere for a way to install/update PHP 5.3.3 to a higher version 5.3.9-5.3.10 on CentOS 5.8 but for some reason it really looks like it's not possible. I have seen guides on installing PHP 5.3.10 on CentOS 6.2.
I have searched for RPM packages and also building and compiling PHP 5.3.9-5.3.10 but there is not much on the net.
I just think it's crazy that it's not possible, as PHP 5.3.3 has, I believe, 39 vulnerabilities. I know Red Hat/CentOS don't have the latest updates right away but this seems abnormal.
Your thoughts would be much appreciated.
(I tried searching for a similar post but didn't have any luck, sorry if this is a re-post)
I think you're probably not up on the patching regime that Red Hat takes. Red Hat (and so, CentOS) won't provide newer minor versions of those packages, but they will backport any security or bug fixes from later versions to them. Check the RPM level changelogs for them and you *SHOULD* see any vuln you're concerned about being patched.
Remember, it's only the original PHP source code that is genuinely known to be vulnerable. Downstream, you can't assume that at all.
Hi, thanks for the reply,
I have read a little about the situation and I was under the assumption that Red Hat/CentOS didn't offer the latest release of software like PHP, Apache HTTPD etc. I did think that was strange, in that if a package is found to have an exploit then it would be insecure. I didn't realize that the packages do get updated to include fixes for exploits and bugs but stay at the same version number. This is what led to my confusion; I assumed that if a package was updated to fix exploits and bugs the version number would increase.
I have now run the following, based on your advice (I didn't know about this command before, though I do recall now seeing tidbits about viewing CVE updates via the command line):
Code:
rpm -q --changelog php53
And I see that it has been updated to patch even the latest exploit/vulnerability found on CVEDetails.
I will be sure to check this regularly now on a range of packages. Thanks for the help.
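The changelog check described in the post above can be scripted for a list of CVE IDs. This is an added example, not part of the original thread: the function name, the sample changelog and the placeholder CVE IDs are constructed for illustration, and an ID that is not listed still needs checking against the vendor's advisories rather than being assumed either way.

```bash
#!/bin/sh
# Added example: report which CVE IDs are mentioned in an RPM changelog.
# Live use (php53 is the package name from the thread):
#   rpm -q --changelog php53 | cve_backport_status CVE-... CVE-...

# Constructed sample changelog; the CVE IDs are placeholders, not real entries.
sample_changelog() {
    cat <<'EOF'
* Thu Feb 02 2012 Example Packager <pkg@example.invalid> - 5.3.3-1.example.2
- add security fix for hash collision issue (CVE-0000-11112)
- fix header parsing crash (CVE-0000-2222)

* Mon Oct 03 2011 Example Packager <pkg@example.invalid> - 5.3.3-1.example.1
- rebase to 5.3.3
EOF
}

# Args: CVE IDs to look for. Stdin: changelog text.
# Prints one tab-separated line per ID:
#   <CVE> backported <changelog entry header>   or   <CVE> not-listed -
# Returns 0 when every ID is listed, 1 when at least one is not.
cve_backport_status() {
    local changelog missing=0 cve entry
    changelog=$(cat)
    for cve in "$@"; do
        # Remember the most recent "* date packager - release" header so the
        # fix is tied to a package release. The ID must be followed by a
        # non-digit or end of line, so CVE-0000-1111 does not match
        # CVE-0000-11112.
        entry=$(printf '%s\n' "$changelog" | awk -v id="$cve" '
            /^\* / { header = $0; next }
            match($0, id "([^0-9]|$)") {
                print (header != "" ? header : "(no entry header)"); exit
            }')
        if [ -n "$entry" ]; then
            printf '%s\t%s\t%s\n' "$cve" backported "$entry"
        else
            printf '%s\t%s\t%s\n' "$cve" not-listed -
            missing=1
        fi
    done
    return "$missing"
}

# Demo on the constructed sample: one ID listed, one not.
sample_changelog | cve_backport_status CVE-0000-2222 CVE-0000-1111 || true
```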
Quote:
Originally Posted by lithos
Hi yelluc
Have you tried to install it with yum from webtatic?
Thanks for replying,
I have installed the repo and have installed the package on a test server.
Code:
[root@localhost ~]# php -v
PHP 5.3.10 (cli) (built: Feb 2 2012 22:59:27)
Copyright (c) 1997-2012 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2012 Zend Technologies
Thanks for the advice, I will now be planning on getting this on our live servers.
Much regards to both posters on the help and advice.
I'd avoid third party packages unless you have a genuine need for features and functionality not available in the mainline. Don't chase pretty looking version numbers for no reason.
You do make a good point. If there is an exploit/vulnerability in 5.3.10, which there undoubtedly will be, I will be forced to wait for the third party packager to update, wouldn't I?
I will follow your advice and just stick to 5.3.3; at least I know that it's going to be maintained from the official repos.
I will try and build/compile myself, that seems like the other solution.