0

I have set up an [ISPconfig][1] server and am now trying to install curl. I'm using apt-get to install php5-curl and it seems to be throwing up an error.

After I press "y" to accept the install it takes me to a screen that says

php5 (5.3.3-7+squeeze5) squeeze-security; urgency=high

  * The following new directives were added as part of security fixes:
    - max_input_vars - specifies how many GET/POST/COOKIE input variables
      may be accepted.  Default value is set to 1000.
    - xsl.security_prefs - define forbidden operations within XSLT
      stylesheets.  Write operations are now disabled by default.

 -- Ondřej Surý <ondrej@debian.org>  Mon, 23 Jan 2012 12:22:26 +0100

php5 (5.3.3-7+squeeze4) squeeze-security; urgency=low

  * Updated blowfish crypt() algorithm fixes the 8-bit character handling
    vulnerability (CVE-2011-2483) and adds more self-tests.  Unfortunately
    this change is incompatible with some old (wrong) generated hashes for
    passwords containing 8-bit characters.  Therefore the new salt prefix
    '$2x$' was introduced which can be used as a replacement for '$2a$'
    salt prefix in the password database in case the incompatibility is
    found.

 -- Ondřej Surý <ondrej@debian.org>  Mon, 04 Jul 2011 10:31:16 +0200

/tmp/tmp93fjeS

Please help me with what I should do.

HopelessN00b
  • 53,795
  • 33
  • 135
  • 209
bretterer
  • 135
  • 9
  • So what is the error? That is normal outpu if apt-listchanfes is installed. – Zoredache Feb 13 '12 at 15:42
  • [Administration panels are off topic](http://serverfault.com/help/on-topic). [Even the presence of an administration panel on a system,](http://meta.serverfault.com/q/6538/118258) because they [take over the systems in strange and non-standard ways, making it difficult or even impossible for actual system administrators to manage the servers normally](http://meta.serverfault.com/a/3924/118258), and tend to indicate low-quality questions from *users* with insufficient knowledge for this site. – HopelessN00b Mar 08 '15 at 21:32

1 Answers1

1

This isn't an error. This is because you have the apt-listchanges package installed, and this package is showing you the changelog of the php5 security upgrade that you are receiving. If you don't care to see what has been changed in a pacakge when it is getting upgraded, you can remove the apt-listchanges package.

If you are asking how to dismiss this changelog, press 'q' to quit the pager it is being displayed in.

Furthermore, If you are only now getting a php5 security upgrade which was released last July, you should certainly be performing security upgrades more frequently. apt-get update ; apt-get upgrade or aptitude update ; aptitude safe-upgrade would perform these upgrades. You might consider installing the cron-apt package which can email you when security upgrades are available, or subscribe to the debian security announce mailing list, which is a low traffic mailing list for announcing these security upgrades

stew
  • 9,388
  • 1
  • 30
  • 43
  • Thank you! removing apt-listchanges let me finish the install of curl – bretterer Feb 13 '12 at 15:52
  • Also ... this was not a security upgrade. It is a clean install from a rackspace server. Thus, I did not install curl at the start. I did not realize that apt-listchanges was installed and have never really had it before because I normally use CentOS – bretterer Feb 13 '12 at 21:17
  • shame on rackspace for delivering a vulnerable server then! :) – stew Feb 13 '12 at 21:27
  • (but yes, at least some component of php5 must have been getting upgraded, or else apt-listchanges wouldn't have kicked in) – stew Feb 13 '12 at 21:31