Thread: SUSE server applications and security

  1. #1

    SUSE server applications and security

    I see that the PHP5 version in the official repository (OSS) is outdated and dangerous to use. I can't find a newer version in the official update repo either.

    Can someone please explain? Thanks.

  2. #2
    Re: SUSE server applications and security

    Hi
    It's sitting in test....
    https://build.opensuse.org/package/f...AUpdate%3ATest

    Remember, check the changelogs as fixes are backported so don't rely on just version numbers.
    https://build.opensuse.org/package/f...penSUSE%3A11.4
    Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
    SUSE SLE, openSUSE Leap/Tumbleweed (x86_64) | GNOME DE
    If you find this post helpful and are logged into the web interface,
    please show your appreciation and click on the star below... Thanks!
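
The changelog check suggested in the post above, as an added example that is not part of the original thread: it maps each CVE identifier in an RPM changelog to the date of the entry that mentions it, so a backported fix shows up even when the version number is unchanged. The sample changelog, its CVE ids and bug numbers are constructed placeholders; `changelog_cves` and `cve_in_changelog` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: list CVE ids found in an RPM changelog with the date of
# the changelog entry that mentions them.

# Constructed sample changelog (placeholder CVE ids and bug numbers, not real data).
sample_changelog() {
cat <<'EOF'
* Tue Jun 07 2011 packager@example.com
- security update: fix overflow in example parser
  (CVE-0000-1111, bnc#000001)
- fix CVE-0000-2222 in example extension
* Mon Mar 14 2011 packager@example.com
- backport upstream fix for CVE-0000-3333
* Fri Jan 21 2011 packager@example.com
- update to upstream bugfix release
EOF
}

# Read changelog text on stdin; print "CVE-ID<TAB>entry date", one per line.
changelog_cves() {
    awk '
        /^\* / { date = $2 " " $3 " " $4 " " $5; next }   # entry header line
        {
            line = $0
            while (match(line, /CVE-[0-9][0-9][0-9][0-9]-[0-9]+/)) {
                id = substr(line, RSTART, RLENGTH)
                if (!(id in seen)) { seen[id] = 1; printf "%s\t%s\n", id, date }
                line = substr(line, RSTART + RLENGTH)
            }
        }'
}

# Return 0 if the given CVE id appears in the changelog read from stdin.
cve_in_changelog() {
    changelog_cves | cut -f1 | grep -qx "$1"
}

# On a real system, feed the installed package's changelog instead:
#   rpm -q --changelog php5 | changelog_cves
sample_changelog | changelog_cves
```

A CVE that is absent from the changelog only means the entry does not name it; the maintainer's bug tracker remains the authority on whether a fix is included.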

  3. #3

    Re: SUSE server applications and security

    Hi, and thanks for a quick reply!

    I'm not that familiar with SUSE's package and update system since I'm all new here. I'm currently using Ubuntu and am used to having updates backported to the original version, as you wrote, immediately after the PHP team has released a security patch/new version.

    One thing that concerns me, if I've not misunderstood anything: if I had run a SUSE web server now with the php5 package from OSS, and had been running updates as usual, would my server have been at risk (while the new package is undergoing testing)?

    It seems like the original OSS package has not been updated, nor had security fixes backported, for a long while, and that was the thing that triggered my concern in the first place while trying to figure out how SUSE handles security updates for these very critical packages.

  4. #4
    Re: SUSE server applications and security

    Originally posted by desire linux:
    > Hi, and thanks for a quick reply!
    >
    > I'm not that familiar with SUSE's package and update system since
    > I'm all new here. I'm currently using Ubuntu and am used to having
    > updates backported to the original version, as you wrote, immediately
    > after the PHP team has released a security patch/new version.
    >
    > One thing that concerns me, if I've not misunderstood anything: if I
    > had run a SUSE web server now with the php5 package from OSS, and had
    > been running updates as usual, would my server have been at risk (while
    > the new package is undergoing testing)?
    >
    > It seems like the original OSS package has not been updated, nor
    > had security fixes backported, for a long while, and that was the thing
    > that triggered my concern in the first place while trying to figure out
    > how SUSE handles security updates for these very critical packages.

    Hi
    Well it appears the issues are classified 'medium' so maybe that's why
    it's taking a while to be released?
    https://build.opensuse.org/maintenance/qa_11.4
    Planned release is 2011-06-29; there is nothing stopping you grabbing
    the test release...

    --
    Cheers Malcolm °¿° (Linux Counter #276890)
    openSUSE 11.4 (x86_64) Kernel 2.6.37.6-0.5-desktop
    up 3 days 3:33, 3 users, load average: 0.02, 0.07, 0.06
    GPU GeForce 8600 GTS Silent - Driver Version: 270.41.19


  5. #5
    Re: SUSE server applications and security

    On 2011-06-14 04:36, desire linux wrote:
    >
    > Hi, and thanks for a quick reply!
    >
    > I'm not that familiar with SUSE's package and update system since
    > I'm all new here. I'm currently using Ubuntu and am used to having
    > updates backported to the original version, as you wrote, immediately
    > after the php team has released a security patch/new version.


    SUSE backports security patches to the released version. A new version is
    never released officially, so that new package that is in testing will
    never be official.

    If you are concerned, you have to ask in the security mail list. Or bugzilla.

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 11.4 x86_64 "Celadon" at Telcontar)

  6. #6

    Re: SUSE server applications and security

    Originally posted by malcolmlewis:
    > Hi
    > Well it appears the issues are classified 'medium' so maybe that's why
    > it's taking a while to be released?
    > https://build.opensuse.org/maintenance/qa_11.4

    Maybe.

    Still, I think it's a bad idea to run PHP on a server with several medium classified security issues.

    Originally posted by malcolmlewis:
    > Planned release is 2011-06-29; there is nothing stopping you grabbing
    > the test release...

    How does that work? Will I experience conflicts between the test and the official later?

  7. #7
    Re: SUSE server applications and security

    On 2011-06-15 11:06, desire linux wrote:
    > How does that work? Will I experience conflicts between the test and
    > the official later?


    There will be no "official" later. That's against policy, as I explained.

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 11.4 x86_64 "Celadon" at Telcontar)
