Latest Updates php5*-pecl-imagick rebuild for RHEL/CentOS 6.7

The PECL imagick extension for PHP 5.4/5.5/5.6 has been rebuilt in order to fix a non-backwards-compatible API change in ImageMagick-devel that was introduced in the RHEL/CentOS 6.7 minor release.

This update means the extension can now only be installed on existing 6.x systems if RHEL/CentOS 6.7 packages are available.

Webtatic EL5 and EL6 now default to HTTPS

As mentioned previously in Webtatic EL5 and EL6 going HTTPS on 18th July, Webtatic EL5 and EL6 will now, for new webtatic-release RPM installations and upgrades, use the HTTPS protocol to download packages.

This has been possible since October last year, when EL7 was released with HTTPS support by default, but it wasn't applied due to potential issues with old minor releases of RHEL/CentOS. Since then, Webtatic has taken the decision to focus on the latest minor releases (5.11, 6.6, 7.1) in securing traffic.

As the previous article mentioned, this is on top of the GPG signature validation that already happens by default for all packages, which ensures packages can't be tampered with.

If you're having problems with this switch, it's recommended to upgrade your RHEL/CentOS minor version:

  • between 5.0 and 5.10 - upgrade to 5.11
  • between 6.0 and 6.5 - upgrade to 6.6

Once done, ensure your openssl package is the latest version.

Webtatic EL5 and EL6 going HTTPS on 18th July

Webtatic likes to ensure all packages are installed securely; it uses GPG signature verification to ensure there is no tampering of the packages. Last October, Webtatic EL7 was released with HTTPS being the default method of install.

Though Webtatic EL5 and EL6 have supported HTTPS since then, it hasn't been the default method of install, instead being HTTP. This was due to my concerns that it might have issues on old installs of RHEL/CentOS that didn't have base package security updates to support the TLS ciphers used.

Recently I've decided to ensure all packages are installed by default over https, as the latest RHEL/CentOS 5.11 and 6.6 support this method. Any release before that will instead have to manually change the *.repo mirrorlist configuration to http if their openssl packages don't support it, though I'd strongly recommend updating to the latest minor release of RHEL/CentOS instead.

This switch will happen on 18th July. Before then, you can install the latest webtatic-release package in the testing repository to see this now via:

yum update webtatic*-release --enablerepo=webtatic-testing
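
To see which repositories on a host fetch over plain HTTP or have GPG checking switched off, a .repo file can be audited as below. This is an added example, not Webtatic's own tooling: the sample repo content, section names and example.invalid hosts are constructed, and multi-line baseurl continuations are not handled.

```shell
# Added example: report transport and gpgcheck for each section of a yum .repo file.
audit_repo_file() {
    # Output, one line per section: <section> <transport> <gpgcheck> <verdict>
    awk '
        function flush() {
            if (name == "") return
            verdict = (transport == "https" && gpg == "1") ? "ok" : "review"
            print name, transport, gpg, verdict
        }
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        /^[ \t]*\[.*\][ \t]*$/ {                    # start of a new [section]
            flush()
            name = $0; sub(/^[ \t]*\[/, "", name); sub(/\][ \t]*$/, "", name)
            transport = "none"; gpg = "inherit"     # inherit = falls back to [main]
            next
        }
        /^[ \t]*(mirrorlist|baseurl)[ \t]*=/ {
            url = $0; sub(/^[^=]*=[ \t]*/, "", url)
            scheme = tolower(url); sub(/:.*/, "", scheme)
            # Any non-HTTPS source downgrades the whole section.
            if (transport == "none" || scheme != "https") transport = scheme
            next
        }
        /^[ \t]*gpgcheck[ \t]*=/ {
            gpg = $0; sub(/^[^=]*=[ \t]*/, "", gpg); gsub(/[ \t\r]/, "", gpg)
        }
        END { flush() }
    ' "$1"
}

# Constructed sample input (hypothetical section names and hosts).
write_sample_repo() {
    cat > "$1" <<'EOF'
[example-https]
mirrorlist=https://mirror.example.invalid/el6/$basearch/mirrorlist
gpgcheck=1

[example-http]
mirrorlist=http://mirror.example.invalid/el6/$basearch/mirrorlist
gpgcheck=1

[example-nogpg]
baseurl=https://repo.example.invalid/el6/$basearch/
gpgcheck=0
EOF
}

sample=$(mktemp); write_sample_repo "$sample"; audit_repo_file "$sample"; rm -f "$sample"
```

A gpgcheck value of "inherit" means the section does not set it, so the effective value comes from [main] in yum.conf and should be checked there.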

Webtatic-5 repository EOL schedule

Due to scheduling the EOL of PHP 5.3 on the Webtatic repository, the original Webtatic-5 repository (http://repo.webtatic.com/yum/centos/5/) will become EOL at the same time, 14th September, due to no more packages being maintained on it.

When this happens, the latest RPMs for the repository will be moved to the Webtatic archive server, and not be available as a Yum repository.

Note this doesn't affect the Webtatic EL5 repository, which was created several years later, and supplies several actively updated packages, such as PHP 5.4/5.5, MySQL 5.1/5.5.

PHP 5.4 nearing EOL on php.net, how Webtatic will handle it

php.net is scheduled to EOL PHP 5.4 on 14th September 2015, meaning they will no longer supply security updates for that release. This means it's a good time to start thinking about how you want to handle it for your servers.

It's worth considering whether you can make the jump to PHP 5.6 now, as PHP 5.5 is imminently going to change to security support mode within a few weeks, and is scheduled to become EOL next June.

http://php.net/supported-versions.php

Webtatic will be providing backported security updates for PHP 5.4 for 1 year across RHEL/CentOS 5.11/6.6/7.1, so this will give you time to consider your options, and plan for upgrades to your servers.

Webtatic has been providing backported security updates for PHP 5.3 beyond its php.net EOL, but will stop doing so when PHP 5.4 is EOL'd. When this happens, it will move to the Webtatic archive servers, and not be supplied as a yum repository.

Latest Updates PHP 5.6.9/5.5.25/5.4.41, Nginx 1.8.0

Here are updated packages in the Yum repository:

Nginx 1.8.0 replaces 1.6.3 as the most up to date stable release of Nginx.

The PHP 5.6.9 release fixes 7 CVEs (along with other bug fixes):
* CVE-2015-2325
* CVE-2015-2326
* CVE-2015-4021
* CVE-2015-4022
* CVE-2015-4024
* CVE-2015-4025
* CVE-2015-4026

The PHP 5.5.25 release fixes 5 CVEs (along with other bug fixes):
* CVE-2015-4021
* CVE-2015-4022
* CVE-2015-4024
* CVE-2015-4025
* CVE-2015-4026

The PHP 5.4.41 release fixes 6 CVEs (along with other bug fixes):
* CVE-2015-2325
* CVE-2015-2326
* CVE-2015-4022
* CVE-2015-4024
* CVE-2015-4025
* CVE-2015-4026

Latest Updates PHP 5.6.8/5.5.24/5.4.40, Nginx 1.6.3, MySQL 5.5.43

Here are updated packages in the Yum repository:

The PHP 5.5.24 and 5.6.8 releases fix 5 CVEs (along with other bug fixes):
* CVE-2015-1351
* CVE-2015-1352
* CVE-2015-2783
* CVE-2015-3329
* CVE-2015-3330

The PHP 5.4.40 release fixes 5 CVEs (along with other bug fixes):
* CVE-2015-1352
* CVE-2015-2783
* CVE-2015-3329
* CVE-2015-3330
* CVE-2014-9709

The PHP 5.4 pecl zendopcache 7.0.5 release fixes 1 CVE (along with other bug fixes):
* CVE-2015-1351

No CVEs were reported as fixed in the Nginx 1.6.3 and MySQL 5.5.43 changelogs.