CSWS_PHP V1.1 for Compaq Secure Web Server for OpenVMS Alpha

      Update 01

      Release Notes

      March 27, 2003

      Based on PHP V4.1.1

      ----------------------------------------------

      Problems Corrected
      ------------------

      This update contains software fixes for security vulnerabilities
      detailed below.

      1. OpenSSL vulnerabilities: buffer-overflow and timing attacks
         (CERT advisory CA-2002-23, CVE advisories CAN-2003-0078,
         CAN-2003-0147, CAN-2003-0131)

         This problem is corrected. The OpenSSL library included in this
         kit contains OpenSSL version 0.9.6b with the above patches.

         For additional information, see:

	 http://www.kb.cert.org/vuls/id/102795	 
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2003-0078
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2003-0147
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2003-0131

      The following general problems are corrected in this kit.

      1. PHP.INI ignored when using PHP from DCL

         Using PHP directly from DCL causes the PHP.INI settings to
         be ignored.

         This problem is corrected.

      Installation instructions
      -------------------------

      To install the kit, do the following:

        $ @SYS$STARTUP:APACHE$SHUTDOWN
        $ PRODUCT INSTALL CSWS_PHP11_UPDATE
        $ @SYS$STARTUP:APACHE$STARTUP

      ----------------------------------------------

      For more information about PHP, see http://www.php.net.

      For information about installing and configuring PHP with CSWS, see the
      CSWS_PHP for Compaq Secure Web Server for OpenVMS Alpha Installation
      Guide and Release Notes at

      http://www.openvms.compaq.com/openvms/products/ips/
      apache/csws_php_relnotes.html