RealTime IT News

Blog Archives

PHP 5.5.13 Updated for Two Security Vulnerabilities

By Sean Michael Kerner   |    May 30, 2014

From the 'time to patch' files:

The open-source PHP programming language project has released the PHP 5.5.13 and 5.4.29 updates, each providing numerous bug fixes and both providing fixes for a pair of security vulnerabilities.

The two security vulnerabilities are identified as:

  • Bug #67327 (fileinfo: CDF infinite loop in nelements DoS). (CVE-2014-0238)
  • Bug #67328 (fileinfo: numerous file_printf calls resulting in performance degradation). (CVE-2014-0237)

Neither of these bugs looks to be highly critical to me, but both could lead to Denial of Service conditions, which always need to be mitigated. Server admins and PHP developers should get updated packages from their respective Linux distros or from php.net.

Sean Michael Kerner is a senior editor at InternetNews.com. Follow him on Twitter @TechJournalist

    PHP Next Taking a Page from Facebook HipHop

    By Sean Michael Kerner   |    May 29, 2014

    From the 'Still Waiting for PHP 6' files:

    Three and a half years ago in December of 2011, I wrote about Facebook's new HipHop Virtual Machine for improving PHP. Now it looks like mainline PHP developers are going to soon go the same route.

    The Hip Hop Virtual Machine (hhvm) makes PHP faster by providing Just-In-Time (JIT) compilation and it's now something being baked into the PHP next gen branch.

    "When we aren't looking for pictures of kittens on the internet, internals developers are nearly always looking for ways to improve PHP, a few developers have a focus on performance," a post on PHP.net states. "By making these improvements, the phpng branch gives us a considerable performance gain in real world applications, for example a 20 percent increase in throughput for Wordpress."

    This is a great idea for PHP, which has been evolving really nicely over the last two years. The PHP 5.5 release for example got the Zend Optimizer+ Opcode cache system, which I personally see a huge improvement from for running PHP applications.

    PHP 5.6 is currently at its Beta 3 stage and is already feature frozen, so I wouldn't expect the next gen branch stuff to land until a future PHP 5.7 (or PHP 6?!).

    #OpenStack Project Staypuft Fuels Red Hat

    By Sean Michael Kerner   |    May 13, 2014

    From the 'It's Not the Marshmallow Man' files:

    ATLANTA. There seems to be no shortage of interesting OpenStack installer projects, and at the OpenStack Summit this week I learned about another one.

    Currently known as Project Staypuft - in homage to the Ghostbusters movie monster - Staypuft is essentially an installer for an installer (Foreman).

    During an OpenStack Summit session, Red Hat staffers explained that Staypuft lets Foreman do installation and help to manage the lifecycle as well. There is a strong Puppet tie-in with Staypuft, but for reasons I don't quite understand, Red Hat isn't using PuppetDB for the data.

    There were a lot of questions during the session, but the most often asked one was:

    Why another installer? Why not leverage from other projects?

    In particular, the question was asked why not just use the open-source FUEL components from Mirantis. The answer that I heard was somewhat interesting.

    You see, Red Hat can't directly integrate Mirantis' FUEL with the Red Hat Satellite service. So even though there are other open-source efforts out there that kinda/sorta do the same things that Staypuft aims to do, Red Hat is out building its own.

    Whatever becomes of Staypuft, one thing is for sure: the name will likely change and Red Hat will continue its efforts to make OpenStack easy to install and manage.

    You can find the Github repo for staypuft at: https://github.com/theforeman/staypuft
