install RHEL 6.5 php package on RHEL 5.10?
Is it advisable to install a php package targeted to RHEL 6.5 to RHEL 5.10? What is the risk?
php inoperative, server OS inoperative?
I have a subscribed RHEL 6.5 server I can use yumdownloader on to get the php packages.
I have a RHEL 5.10 server on a disconnected network and need to update php.
OR is there a way to use yumdownloader on the 6.5 server to download the 5.10 php packages?
I need to update due to vulnerabilities present in the current 5.10 php install.
Thanks for any help.
Responses
Hi Robert,
Is it advisable to install a php package targeted to RHEL 6.5 to RHEL 5.10?
No. If you went the whole way and updated the dependencies for PHP (which you would have to if you wanted PHP to run), then as you surmise, you would end up with an computer ready for re-installation.
Can you tell me specifically which vulnerabilities you are concerned about in PHP 5.3 in RHEL 5.10 please (CVE numbers would be great), then we can reference that against our advisories.
I would also note that we released a security update for PHP only two days ago as well: https://rhn.redhat.com/errata/RHSA-2014-1012.html that covers the following CVEs:
CVE-2012-1571
CVE-2013-6712
CVE-2014-0237
CVE-2014-0238
CVE-2014-1943
CVE-2014-2270
CVE-2014-3479
CVE-2014-3480
CVE-2014-3515
CVE-2014-4049
CVE-2014-4721
Please let us know,
Many thanks,
Mark
[edit] s/PHP 5.10/PHP 5.3 in RHEL 5.10/
Hi Robert,
http access to packages is via: https://rhn.redhat.com/rhn/channels/software/Search.do
and the specific rpm is at:
https://rhn.redhat.com/rhn/software/packages/details/Overview.do?pid=987924
Please remember to check dependencies!
Best regards,
Mark
EDIT: This explains how you could have offline content of specific packages. Regarding the mixing of el6 packages on an el5 box - I would not attempt that (personally).
You could potentially do the following:
* retrieve the repo data for the files you want to retrieve
* place the repo file in /etc/yum.repos.d/ and make sure enabled=0
* create an excludepkgs and includepkgs directive in your repo file
* run reposync and identify the repo you just created
* bonus: you could run createrepo (which would create the repomd.xml file and all)
* place the entire repo on some media that you can attach to your server
Repo File (I use this to ONLY grab a few asm files - not the entire repo - hence the include/exclude)
/etc/yum.repos.d/oracle.repo
[ol6_latest]
name=Oracle Linux 6 Latest (x86_64)
baseurl=http://public-yum.oracle.com/repo/OracleLinux/OL6/latest/x86_64/
gpgkey=http://public-yum.oracle.com/RPM-GPG-KEY-oracle-ol6
gpgcheck=1
enabled=0
exclude = *xen*
includepkgs = oracleasm*el6.x86_64 oracle-validated-* oracleasmlib* cvu* kmod-oracleasm*
excludepkgs = oracleasm-2.6*.ol6xen* oracleasm-2.6.*.ol6debug* oraclelinux-release* oracle-logos* oracle-rdbms*
includepkgorder = excludepkg,includepkg
SWBASE=/var/satellite/repos/
ARCH=x86_64
REPOID=ol6_latest
PKGDIR=${SWBASE}/${ARCH}/${REPOID}
reposync -q -n -a $ARCH --repoid=${REPOID} -p ${SWBASE}/${ARCH}/ # > /dev/null 2>&1
cd $PKGDIR
createrepo $PKGDIR
tree /var/satellite/repos/x86_64/ol6_latest/
/var/satellite/repos/x86_64/ol6_latest/
|-- getPackage
| |-- kmod-oracleasm-2.0.6.rh1-2.el6.x86_64.rpm
| `-- oracleasm-support-2.1.8-1.el6.x86_64.rpm
`-- repodata
|-- filelists.xml.gz
|-- other.xml.gz
|-- primary.xml.gz
`-- repomd.xml
I pulled this from a script that I use to do many things, but I think all the pieces are there.
Robert,
Did you install the RPM linked to by Mark Flitter? It is the latest 5.x package and addresses the CVEs you are concerned about.
If there are any outstanding CVEs on that version of the package I would raise it with Red Hat, the support that Red Hat offers includes backported security patches.
There should be no need to install 6.x, or CentOS packages, especially considering Red Hat is CentOS's upstream.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
