1:00 AM
El DiPablo
 |
| (Photo credit: Wikipedia) |
Well our latest scan came up pretty bloody on one of our Wordpress servers. We got dinged pretty hard for running PHP 5.3.2, which is the version that comes from the repositories on Ubuntu 11.04. Even a simple apt-get upgrade won't help with that. I looked at perhaps upgrading the server to 12.04, but the repository for that only has 5.3.10 which has it's own problems. Nope, I needed to go even higher.
It turns out, there is a third party repository that has the latest versions of PHP so you don't have to compile it yourself. To install just do the following from a terminal:
For Ubuntu 11.10/12.04:I also use phpmyadmin, and as I mentioned above I also use Wordpress which requires php5-mysqladmin. Well upgrading to php 5.4.4 forced me to remove phpmyadmin and php5-mysql because they required libmysqlclient16 which it said was uninstallable. What I had to do was run the following to install it:
For Ubuntu 10.04 LTS, run the following commands (Thanks to Ivan Castellanos for the extra tip):
- sudo add-apt-repository ppa:ondrej/php5
- sudo apt-get update
- sudo apt-get install php5
You can check if PHP 5.4.x is successfully installed with this command:
- sudo echo "deb http://ppa.launchpad.net/ondrej/php5/ubuntu lucid main" >> /etc/apt/sources.list
- sudo echo "deb-src http://ppa.launchpad.net/ondrej/php5/ubuntu lucid main" >> /etc/apt/sources.list
- sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys E5267A6C
- sudo apt-get update
- sudo apt-get install php5
- php5 -v
After that, everything was back to normal.
- wget http://security.ubuntu.com/ubuntu/pool/main/m/mysql-dfsg-5.1/libmysqlclient16_5.1.63-0ubuntu0.10.04.1_amd64.deb
- sudo dpkg -i libmysqlclient16_5.1.63-0ubuntu0.10.04.1_amd64.deb
- sudo apt-get install php5-mysql phpmyadmin
Now that you are up to date, you should be good for future security scans as well... That is, until the next vulnerability is discovered :-)
[Via Up Ubuntu]
Related articles, courtesy of Zemanta:
