RHEL/CentOS PHP and PHP53 packages

As reported last week, the very popular IUS repository had released updated PHP 5.3 packages that fix the PHP-CGI query string parameter vulnerability.  However, we were still waiting for updated packages from Red Hat.

As it turns out, the PHP and PHP53 packages Red Hat provided for versions 5 and 6 of their enterprise Linux distribution several weeks ago were not affected by the second alert regarding the PHP-CGI query string parameter vulnerability.

If you have not already, I strongly suggest that you upgrade these packages on your system.

You can read more about this Red Hat’s reasoning for not releasing updated PHP packages after the initial packages released at the beginning on May 2012 here.

Expect RHEL 7 For Mid-2013

NetworkWorld today reported that Red Hat has announced the release of RHEL 7 for the second half of 2013.  This is on track with Red Hat’s plans to release a new version of RHEL every 3 years along with a 10 year support plan for all releases, starting with RHEL 5.

Not a lot is known about what’s coming in RHEL 7, however you can read more at the NetworkWorld article here.

Friendly Reminder From The ISC: Reserved IP Address Space

Today, the ISC Diary had a great post about reserved  addresses ranges and how not all of them should be used in internal networks (e.g.,

Included was a table explaining what net blocks are suitable for your LAN.

I hope that this post gives everyone a refresher on what net blocks to use and most importantly, which NOT to use when assigned IP space for your local networks.

Backup regularly, Test often!

Here are some tips for backing up important data:

  1. Put together a system that you can use across all of your systems and is easy for you to manage.
  2. Run the backup process manually and test the backup to make sure it works.
  3. Check your backup after it runs automatically for the first time.
  4. Have your system alert you when a backup fails or there is a problem during backup.
  5. Check up on your backups regularly.  Make sure everything is running as it should.
  6. Schedule a recurring time to test the backups.  It is very easy these days with technologies like virtualization to test backups.

Red Hat Enterprise Virtualization 3 60 Day Trial

Red Hat is offering a 60 day trial installation of RHEV 3.  RHEV is an enterprise virtualization product based on RHEL and KVM.  You can read more about it at Wikipedia and on Red Hat’s own product page.

The benefits of RHEV and KVM are strongest for Linux virtualization needs.  Red Hat focused on building up KVM, with RHEV, to a product that can provide fast and stable Linux virtualization on the server and desktop.

Open Source Virtualization – KVM

If you need a free virtualization solution, I strongly recommend ESXi.  Even the free, limited version works very well in small environments.

However, if you’re thinking of going the open source route, KVM is an up and comer in the market that is 100% free and 100% open source.  It’s actually built right in to the Linux Kernel and comes with RHEL, CentOS, Ubuntu and many more Linux distributions.

Right now, KVM requires Linux knowledge to setup and configure, but Red Hat and others are starting to change that as KVM becomes a more viable alternative to VMWare.  Red Hat is currently developing an enterprise product based on KVM to compete with VMWare and Hyper-V.

One of the Product Marketers for the “Enterprise Virtualization” department at Red Hat,  Chuck Dubuque, wrote a great post about how KVM is integrated into the Linux Kernel and how that provides a more stable, better performing and all-around tighter experience  for admins and end-users compared to some other Linux solutions like Xen.

He included this great slide in his post:

If you’re thinking about an open-source solution for your test lab or even in your data center, grab a copy of CentOS or Fedora and play with KVM.  You’ll notice right away how tightly integrated it is into your installation.

PHP mod_cgi full fix finally released

PHP developers have released a second (and hopefully final) fix for the much publicized mod_cgi PHP vulnerability.

According to this post over at ThreatPost, the new fix was released yesterday and is available via the PHP 5.3.13  and 5.4.3 updates.

Even though this issue is only currently known to affect those running PHP using Apache mod_cgi  (the standard Apache method (mod_php) and nginx+php-fpm are not affected), I highly recommend updating as soon as possible.

Be on the lookout for new updates from RHEL/CentOS for PHP/PHP53 packages and PHP53u packages for IUS.