Perl + other rpms not updated by upcp

[mr2828]

I noticed a Red Hat security fix came out yesterday for Perl:

https://rhn.redhat.com/errata/RHSA-2005-105.html

But my upcp seems to be configured to not take the update:

The following Packages were marked to be skipped by your configuration:

Name Version Rel Reason
-------------------------------------------------------------------------------
httpd 2.0.46 44.entPkg name/pattern
mod_ssl 2.0.46 44.entPkg name/pattern
perl 5.8.0 88.9 Pkg name/pattern
php 4.3.2 19.entPkg name/pattern
php-imap 4.3.2 19.entPkg name/pattern
php-ldap 4.3.2 19.entPkg name/pattern
php-mysql 4.3.2 19.entPkg name/pattern
redhat-release 3ES 7.4 Config modified


Will perl eventually be updated by cPanel to fix these new security problems, or do I need to somehow force upcp to update perl?

 

[Aric1]

You can allow RPM perl updates by changing that option in Tweak settings. Generally, you shouldn't allow this, however.

But before you do that, log into your server as root via SSH and type:

perl -v

What version are you using?

It is likely you are using a newer version already.

If not, or if you want to upgrade to a newer version there are several ways to do so, all of them are discussed in these forums (there's one thread, called perl 5.8.4 that details out your options:

http://forums.cpanel.net/showthread.php?t=30932

 

[mr2828]

Well as you can see in the upcp output I quoted, the current Perl package is:

perl 5.8.0 88.9

This is the one that Redhat just released an upgrade for I think.

My real question isn't so much how to upgrade Perl manually, but rather "will cPanel eventually upgrade my Perl automatically?" Ditto for the other packages that are being prevented from being updated.

 

[Aric1]

The version listed is the version up2date wants to install, not the version you currently have installed.

CPANEL uses its own copy of perl, rather than relying on RedHat.

It is likely you have perl 5.8.4 installed, but not certain. perl -v would tell you that.

Redhat regularly backports security fixes from new versions to their older version. You only need the upgrade if you are using the redhat perl version, which you probably are not.

As for upgrading perl if you use redhat's version of perl, rather than CPANEL's version... I already told you what to do tell CPANEL to allow RPM perl updates from your OS vendor.

As for the other packages, you shouldn't try to update them as doing so will affect CPANEL (which as I noted uses its own versions)

 

[chirpy]

Indeed, as Aric put it so well. The cPanel installed distribution of perl updates its perl modules directly from cpan, so you should always have the latest modules that cPanel needs and that were initially installed. If you use other modules, then you can upgrade them manually yourself using /scripts/perlinstaller.

 

[mr2828]

Thanks for the clarifications. You're right, I am running 5.8.4.