Open Source Development

Power Open Source Development

Explore the open source tools and capabilities for building and deploying modern applications on IBM Power platforms including AIX, IBM i, and Linux.


#Power


#Power

 View Only

  • 1.  php security vulnerability fix

    Posted Fri January 21, 2022 09:25 AM
    php-7.4.27-1.aix6.1.ppc.rpm is now available on AIX Toolbox.

    This version of php has fixes for the CVE-2021-21707 security vulnerability.

    You can use YUM/DNF to update to this version of package from the AIX Toolbox repository.

    ------------------------------
    SANGAMESH
    ------------------------------

    #AIXOpenSource


  • 2.  RE: php security vulnerability fix

    Posted Thu January 27, 2022 04:28 PM
    Edited by Vasiliy Gokoyev Thu January 27, 2022 04:28 PM
    hi
    We have another flag that php 7.4.27 uses openssl 1.0.2u despite having 1.1.2 installed on the system.   How can we make it use the latest version supplied by the openssl.base fileset? Is php module dynamically linked?

    curl -k --head https://localhost
    HTTP/1.1 403 Forbidden
    Date: Thu, 27 Jan 2022 21:20:55 GMT
    Server: Apache/2.4.51 (Unix) PHP/7.4.27 OpenSSL/1.0.2u
    Content-Type: text/html; charset=iso-8859-1

    $ lslpp -l openssl.base
    Fileset Level State Description
    ----------------------------------------------------------------------------
    Path: /usr/lib/objrepos
    openssl.base 1.1.2.1200 COMMITTED Open Secure Socket Layer

    Path: /etc/objrepos
    openssl.base 1.1.2.1200 COMMITTED Open Secure Socket Layer

    ------------------------------
    Vasiliy Gokoyev
    ------------------------------

    Original Message


Related Content