Safely update php 5.3.3 to >=5.3.4 on centos 6

Solution 1:

For people running PHP-based web sites, it's almost always required to track bug fix changes as well as the security fixes that Red Hat might provide. As you know they rarely provide bug fix updates, due to "enterprise" version locking, even for something like PHP where you really need them.

On my production web servers I have used the remi repository for many years. It provides current versions of PHP, MySQL, Symfony, and many related packages that need such updates on a regular basis. As of this writing, it provides PHP 5.4.33 and MySQL 5.5.40. (PHP 5.5 is available in remi-php55.)

The main difference you will notice is that your PHP bugs start going away... :)

Solution 2:

As madhatter reminded me, a yum update will bring you up to the latest Red Hat PHP release; at the time of writing this appears to be 5.3.3-14.el6_3.

In any event your plan of action should be something along the lines of:

  1. Schedule a maintenance window
  2. Create a test plan
  3. Shut down Apache
  4. Update PHP: yum update php
  5. Start Apache
  6. Execute test plan

If your test plan fails you can downgrade PHP: yum downgrade php. That said, I would test this all using a "throw away" VM; that way you can run through all of this without any risk to the production system.

Is there a particular need for 5.3.4 or is this just a security concern?

Note: Red Hat backports security and bug fixes into their releases.

5.3.3-14, for instance, indicates PHP 5.3.3 with 14 Red Hat iterations:

i.e.

  • Mon Jun 25 2012 Joe Orton - 5.3.3-14
      - add security fix for CVE-2010-2950

  • Wed Jun 13 2012 Joe Orton - 5.3.3-13
      - fix tests for CVE-2012-2143, CVE-2012-0789

  • Tue Jun 12 2012 Joe Orton - 5.3.3-12
      - add fix for CVE-2012-2336
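
Since backported fixes do not change the upstream version number, the package changelog is the place to check whether a given CVE is covered. The following is an added example, not part of the answer above: it maps a CVE id to the release(s) whose changelog entry mentions it. The function names are hypothetical and the sample changelog is constructed from the three entries quoted above.

```shell
#!/bin/sh
# Added example (not from the original answer). Reads changelog text in the
# layout printed by `rpm -q --changelog <package>` on stdin.

# Constructed sample: the three entries quoted in the answer, in rpm's
# "* date author - version-release" / "- note" layout.
sample_changelog() {
cat <<'EOF'
* Mon Jun 25 2012 Joe Orton - 5.3.3-14
- add security fix for CVE-2010-2950

* Wed Jun 13 2012 Joe Orton - 5.3.3-13
- fix tests for CVE-2012-2143, CVE-2012-0789

* Tue Jun 12 2012 Joe Orton - 5.3.3-12
- add fix for CVE-2012-2336
EOF
}

# cve_releases CVE-ID
# Prints each version-release whose changelog entry mentions CVE-ID.
# Exit status: 0 = mentioned, 1 = not mentioned, 2 = malformed CVE id.
# Assumes every header line ends with the version-release, as in the sample.
cve_releases() {
    # Reject anything that is not a plain CVE id before using it in a regex.
    if ! printf '%s\n' "$1" | grep -Eq '^CVE-[0-9]{4}-[0-9]{4,}$'; then
        echo "usage: cve_releases CVE-YYYY-NNNN" >&2
        return 2
    fi
    awk -v cve="$1" '
        BEGIN { pat = "(^|[^A-Za-z0-9-])" cve "([^0-9]|$)" }  # whole-id match only
        /^\* /  { rel = $NF; next }      # header: last field is version-release
        $0 ~ pat && rel != last { print rel; last = rel; found = 1 }
        END { exit !found }
    '
}

# Demo on the constructed sample; on a real host use:
#   rpm -q --changelog php | cve_releases CVE-2012-2336
sample_changelog | cve_releases CVE-2012-2336
```

The changelog of the installed package only goes up to the installed release, so a hit there means that build's history mentions the CVE. Read the matching line itself, since an entry such as "fix tests for ..." is not the same as the fix.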

Solution 3:

CentOS 6 does not have PHP 5.3.4 in the standard repositories, which you can see here. yum update php will not upgrade you to 5.3.4.

Think long and hard about why you want to upgrade. CentOS and its upstream vendor have not included 5.3.4 yet because it has not been tested.

If you really want to continue, you can check out the list of Third Party Repositories. I don't actually see any that have PHP 5.3.4 but I didn't look too hard.

Once you find a repo with the packages you want, gather your current list of PHP packages with rpm -qa | grep php. Run yum update php and it should show you what it wants to update. It should match everything in your currently installed list but have newer versions. If yum doesn't match your currently installed list, don't update.