AIX Open Source

AIX Open Source

Share your experiences and connect with fellow developers to discover how to build and manage open source software for the AIX operating system

 View Only

  • 1.  php security vulnerability fix

    Posted Fri January 21, 2022 09:25 AM
    php-7.4.27-1.aix6.1.ppc.rpm is now available on AIX Toolbox.

    This version of php has fixes for the CVE-2021-21707 security vulnerability.

    You can use YUM/DNF to update to this version of package from the AIX Toolbox repository.

    ------------------------------
    SANGAMESH
    ------------------------------


  • 2.  RE: php security vulnerability fix

    Posted Thu January 27, 2022 04:28 PM
    Edited by Vasiliy Gokoyev Thu January 27, 2022 04:28 PM
    hi
    We have another flag that php 7.4.27 uses openssl 1.0.2u despite having 1.1.2 installed on the system.   How can we make it use the latest version supplied by the openssl.base fileset? Is php module dynamically linked?

    curl -k --head https://localhost
    HTTP/1.1 403 Forbidden
    Date: Thu, 27 Jan 2022 21:20:55 GMT
    Server: Apache/2.4.51 (Unix) PHP/7.4.27 OpenSSL/1.0.2u
    Content-Type: text/html; charset=iso-8859-1

    $ lslpp -l openssl.base
    Fileset Level State Description
    ----------------------------------------------------------------------------
    Path: /usr/lib/objrepos
    openssl.base 1.1.2.1200 COMMITTED Open Secure Socket Layer

    Path: /etc/objrepos
    openssl.base 1.1.2.1200 COMMITTED Open Secure Socket Layer

    ------------------------------
    Vasiliy Gokoyev
    ------------------------------

    Original Message


Related Content