PHP 5.2.5 Released, 7 security enhancements & fixes


The PHP development team would like to announce the immediate availability of PHP 5.2.5. This release focuses on improving the stability of the PHP 5.2.x branch with over 60 bug fixes, several of which are security related. All users of PHP are encouraged to upgrade to this release.

Further details about the PHP 5.2.5 release can be found in the release announcement for 5.2.5; the full list of changes is available in the ChangeLog for PHP 5.

Security Enhancements and Fixes in PHP 5.2.5:

  • Fixed dl() to only accept filenames. Reported by Laurent Gaffie.
  • Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887). Reported by Laurent Gaffie.
  • Fixed htmlentities/htmlspecialchars not to accept partial multibyte sequences. Reported by Rasmus Lerdorf.
  • Fixed possible triggering of buffer overflows inside glibc implementations of the fnmatch(), setlocale() and glob() functions. Reported by Laurent Gaffie.
  • Fixed "mail.force_extra_parameters" php.ini directive not to be modifiable in .htaccess due to the security implications. Reported by SecurityReason.
  • Fixed bug #42869 (automatic session id insertion adds sessions id to non-local forms).
  • Fixed bug #41561 (Values set with php_admin_* in httpd.conf can be overwritten with ini_set()).

For users upgrading to PHP 5.2 from PHP 5.0 and PHP 5.1, an upgrade guide is available here, detailing the changes between those releases and PHP 5.2.5.

Download now.


Fedora 8 (Werewolf) is out : Iso Download Link

Fedora 8 is out; an interesting "song" from here:

It’s close to midnight and something cool is coming through the "tubes"
It’s looking real tight, a distro for the experts and the n00bs
With Live CDs* so you can try it out before installing
Or DVDs so you can have the packages you choose
No way to lose

‘Cause it’s Fedora, Fedora 8
We’d love to have you join us and together we’ll be great
Using Fedora, Fedora 8
Just click the link and rescue your computer’s future today

Hotplugging speakers, you realize PulseAudio is sweet
You feel the power of kernel 2.6.23
You close your eyes but then you can’t see all the gorgeous artwork
You want online? New NetworkManager helps you explore
And try out BigBoard

‘Cause it’s Fedora, Fedora 8
This is the leading edge of free and open source today
You’ve got Fedora, Fedora 8
A brand-new shiny desktop with the latest, greatest awaits

Now firewalls, you will find, are a ball to configurate
Virtual hosts you can manage the most secure way
(It makes your day)
Now you can authenticate

They’re out to get you, security enhancements stop them cold
You want your codecs? Codeina is the legal way to go
We’ve got the spins — developers, electronics, and gaming
And that’s not all, we wanted to make sure your Java’s free
So we’ve got IcedTea

Inside Fedora, Fedora 8
We promise Number 9 is no more than six months away, world
Fedora, Fedora 8
So get aboard the torrent, share Fedora, score a new Fedora, by next May
‘Cause it’s Fedora, Fedora 8
You get to keep both pieces anytime that something breaks, girl
Fedora, Fedora 8
If only Vincent Price could read this killer filler:

"Werewolf" moves across the land
Router meltdowns close at hand
Sysadmins in search of blood
For those who caused this bandwidth flood
And whosoever took the risk
But failed to make an extra disc
Must face the Bastard Op from Hell
And lose his access to the shell

The best of Linux now is here
To kill the FUD and strike with fear
The hearts of those who steal your rights
And hide their code far from your sight
Closed source takes away what’s yours
But you’ll never shake the horror
Until you taste the freedom and
The power of FEDORA!

There is even a tutorial on installing Fedora 8 already, cool:

Fedora 8 Installation Guide

Some locations for download:

Links:


Pfsense : 1.2 Release Candidate 3 released!

Pfsense 1.2-RC3 has been released! Here are just a few of the new improvements and features that have made their way into this new version:

  • IPSEC Carp rules cleanup
  • IPSEC stability workarounds for > 150 tunnels
  • Only reload webConfiguration from System -> Advanced when cert changes
  • Increase net.inet.ip.intr_queue_maxlen to 1000 which is the IP input queue.
  • Do not allow sticky connection bit to be set if pppoe is enabled. Ticket #1319
  • Disable firmware upgrade for embedded and cdrom and suggest using the console option to upgrade. Ticket #1433
  • Recompile MPD with MSS/dial-on-demand patches (also fixes idle timeout bug) Obtained-from:
  • Fix CP not sending Acct-Session-Time to Radius during accounting update Ticket #1434
  • Work around heavy network activity issues. [20070116, update 20070212] Systems with very heavy network activity have been observed to have some problems with the kernel memory allocator. Symptoms are processes that get stuck in zonelimit state, or system livelocks. One partial workaround for this problem is to add the following line to /boot/loader.conf and reboot: kern.ipc.nmbclusters="0"
  • Bump lighttpd to 1.4.18
  • Show wireless nodes regardless if we can determine BSS value.
  • IPSEC tunnel endpoint highlighting in system logs
  • Show the IPSEC interface as an option for the traffic graph.
  • Add RRD Settings page.
  • Make it possible to disable RRD graphs. Bump config so it’s on by default if it wasn’t already.
  • Correctly set reflection timeout for all protocols.
  • Restart snmp services after LAN IP changes Ticket #1453
  • Bump miniupnpd version to RC9 -add multiple interface support
  • Speedup ARP page by using diag_dhcp_leases.php page code for parsing the dhcpd.leases file
  • Relax the IP address check and allow duplicate IP address entries, which allows for example a wireless card and an Ethernet card on a laptop to share the same IP address
  • Do not allow DHCP server to be enabled when DHCP relay is enabled, and vice versa Ticket #1488
  • IPSEC keep alive pinger using the wrong source IP address Ticket #1482
  • Failover DHCP Server in 10 seconds as opposed to 60 seconds

1.2-RC3 will appear at a mirror near you very soon. Please let us know what you think on the forum or mailing list.

Update: more than half of the mirrors have these files now, if you try one that doesn’t have the files, try another. They’ll all be updated within 24 hours.

Location for download : Loquefaltaba


ClamAV-clamd av-scanner FAILED

A recent power failure took my mail server down. After a reboot, running fsck -y and so on, and restarting again, email was still down.

After looking at the log, I took action to bring the mail server up as fast as I could.

mail# tail -f /var/log/maillog

Nov  7 08:01:18 mail postfix/smtpd[6714]: lost connection after RCPT from[]
Nov  7 08:01:18 mail postfix/smtpd[6714]: disconnect from[]
Nov  7 08:01:19 mail postfix/smtpd[6693]: disconnect from[]
Nov  7 08:01:20 mail amavis[6519]: (06519-02) ClamAV-clamd av-scanner FAILED: Too many retries to talk to /var/run/clamav/clamd (Can't connect to UNIX socket /var/run/clamav/clamd: Permission denied) at (eval 56) line 257.
Nov  7 08:01:20 mail amavis[6519]: (06519-02) WARN: all primary virus scanners failed, considering backups
Nov  7 08:01:20 mail postfix/smtpd[6647]: connect from[]
Nov  7 08:01:21 mail postfix/smtpd[6711]: warning: RBL lookup error: Host or domain name not found. Name service error for type=A: Host not found, try again
Nov  7 08:01:21 mail amavis[6544]: (06544-02) ClamAV-clamd av-scanner FAILED: Too many retries to talk to /var/run/clamav/clamd (Can't connect to UNIX socket /var/run/clamav/clamd: Permission denied) at (eval 56) line 257.
Nov  7 08:01:21 mail amavis[6544]: (06544-02) WARN: all primary virus scanners failed, considering backups
Nov  7 08:01:22 mail postfix/smtpd[6711]: DC0E24112DF:[]
Nov  7 08:01:22 mail postfix/smtpd[6711]: lost connection after RCPT from[]
Nov  7 08:01:22 mail postfix/smtpd[6711]: disconnect from[]

Try to start it manually.

mail# /usr/local/etc/rc.d/clamav-clamd restart

clamav_clamd not running? (check /var/run/clamav/
Starting clamav_clamd.

mail# /usr/local/etc/rc.d/clamav-clamd restart
clamav_clamd not running? (check /var/run/clamav/
Starting clamav_clamd.

Change ownership of clamav to vscan

mail# chown vscan:vscan clamav
mail# ls -l
total 36
-rw-------  1 root   wheel       0 Nov  7 04:11 accept.lock.967
drwxr-x---  2 vscan  vscan     512 Nov  7 07:59 clamav

mail# /usr/local/etc/rc.d/clamav-clamd restart

clamav_clamd not running? (check /var/run/clamav/
Starting clamav_clamd.


mail# /usr/local/etc/rc.d/clamav-clamd restart
Stopping clamav_clamd.
Waiting for PIDS: 7074.
Starting clamav_clamd.

mail# chown vscan:vscan /var/log/clamav/clamd.log
mail# chown vscan:vscan /var/log/clamav/freshclam.log
mail# /usr/local/etc/rc.d/clamav-clamd restart
Stopping clamav_clamd.
Waiting for PIDS: 7092.
Starting clamav_clamd.
mail# /usr/local/etc/rc.d/clamav-freshclam restart
clamav_freshclam not running? (check /var/run/clamav/
Starting clamav_freshclam.

mail# /usr/local/sbin/amavisd start

Done. It was a permission error.

Once again in server 🙂

Log is your friend.
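
The two manual checks from this post (reading the amavis lines for the failing socket and its reason, then verifying who owns the clamd run directory and log files) can be scripted. This is an added example, not part of the original post: the function names are hypothetical, the sample log is constructed in the shape of the lines quoted above, and the `vscan` user and paths are the ones the post uses.

```shell
#!/bin/sh
# Added example, not from the original post. User and paths are the post's.

# Constructed sample in the shape of the amavis lines quoted above.
sample_log() {
cat <<'EOF'
Nov  7 08:01:20 mail amavis[6519]: (06519-02) ClamAV-clamd av-scanner FAILED: Too many retries to talk to /var/run/clamav/clamd (Can't connect to UNIX socket /var/run/clamav/clamd: Permission denied) at (eval 56) line 257.
Nov  7 08:01:20 mail amavis[6519]: (06519-02) WARN: all primary virus scanners failed, considering backups
Nov  7 08:01:21 mail amavis[6544]: (06544-02) ClamAV-clamd av-scanner FAILED: Too many retries to talk to /var/run/clamav/clamd (Can't connect to UNIX socket /var/run/clamav/clamd: Permission denied) at (eval 56) line 257.
EOF
}

# clamd_socket_errors [LOGFILE]
# Print "COUNT SOCKET REASON" per distinct clamd socket failure (stdin if no file).
clamd_socket_errors() {
    sed -n 's/.*ClamAV-clamd av-scanner FAILED:.*UNIX socket \([^:]*\): \([^)]*\)).*/\1 \2/p' "$@" |
        sort | uniq -c | awk '{ $1 = $1; print }'
}

# wrong_owner USER PATH...
# Report paths that are missing or not owned by USER; return 1 if any.
wrong_owner() {
    user=$1; shift
    bad=0
    for p in "$@"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"; bad=1
        elif ! found=$(find "$p" -prune ! -user "$user" -print 2>/dev/null); then
            # find fails when USER is not a known account on this host
            echo "cannot check: $p (unknown user $user?)"; bad=1
        elif [ -n "$found" ]; then
            echo "not owned by $user: $(ls -ld "$p")"; bad=1
        fi
    done
    return "$bad"
}

# Run with --demo to summarise the sample log and check the post's paths.
if [ "${1:-}" = "--demo" ]; then
    sample_log | clamd_socket_errors
    wrong_owner vscan /var/run/clamav /var/log/clamav/clamd.log \
        /var/log/clamav/freshclam.log
fi
```

Running `wrong_owner` after an unclean shutdown or a package upgrade, before restarting amavisd, shows an ownership mismatch before mail starts falling back to backup scanners.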


FreeBSD 7.0 beta2 and 6.3 Beta1

The 7.0-BETA2 builds have completed and are on many of the FreeBSD
mirror sites. If you want to update an existing machine using cvsup use
RELENG_7 as the branch tag. Instructions on using FreeBSD Update to
perform a binary upgrade from FreeBSD 6.x to 7.0-BETA2 will be provided
via the freebsd-stable list when available.
Download for i386 :

7.0 Beta2
