Here are updated packages in the Yum repository:
The PHP 5.5 and 5.4 releases addresses a CVE, CVE-2013-4113. The CVE and changelogs do not mention PHP 5.5.0 and 5.4.0 – 5.4.17 versions are affected, however they are and the security fix is in PHP.net’s 5.5.1 version, and will be in their next PHP 5.4 release (5.4.18).
Webtatic has included the pending PHP 5.4.18 security fix for this in it’s php54w*-5.4.17 release, so although PHP 5.4.18 will likely be released on PHP.net within the week addressing this issue, it will not be as urgent to upgrade if using php54w*-5.4.17.
Additionally, there have been the following improvements added to the Webtatic PHP releases:
- Zend Thread Safety (ZTS) mod_php module is now bundled with the standard mod_php module (non-ZTS), and will only be enabled if switching httpd prefork MPM to the worker MPM. All PHP extensions included in the repository will install standard extensions and ZTS extensions by default, and depending on the mod_php version being used, use the appropriate extensions in /etc/php.d (non-ZTS) and /etc/php-zts.d (ZTS).
- Mysqlnd is supplied as alternative additional package to php54w-mysql/php55w-mysql (using the system libmysqlclient), and will replace the alternative php54w-mysql55/php55w-mysql55 (using Mysql 5.5 libmysqlclient).
- Several built-in PHP extensions are now shared extensions, so they can be disabled by removing the appropriate /etc/php.d/*.ini and /etc/php-zts.d/*.ini files