Dear Debian:

Please help me with a doubt. I have installed php5 on Debian squeeze (2.6.32-5-686, 6.0.3). PHP5 version: 5.3.3-7+squeeze3. Recently I reviewed my server with a security tool, Nessus. The tool tells me that php5.3.3.7 is vulnerable.

Synopsis: The remote web server uses a version of PHP that is affected by multiple vulnerabilities.

Description

According to its banner, the version of PHP 5.3.x installed on the remote host is older than 5.3.7. The new version resolves the following issues :

- A stack buffer overflow in socket_connect(). (CVE-2011-1938)
- A use-after-free vulnerability in substr_replace(). (CVE-2011-1148)
- A code execution vulnerability in ZipArchive::addGlob(). (CVE-2011-1657)
- crypt_blowfish was updated to 1.2. (CVE-2011-2483)
- Multiple null pointer dereferences. (CVE-2011-3182)
- An unspecified crash in error_log(). (CVE-2011-3267)
- A buffer overflow in crypt(). (CVE-2011-3268)

Solution

Upgrade to PHP 5.3.7 or later.

But I do apt-get update and there are no new packages for php5. How do I install the new version?

My sources list file has:

deb http://ftp.us.debian.org/debian/ squeeze main
deb-src http://ftp.us.debian.org/debian/ squeeze main
deb http://security.debian.org/ squeeze/updates main
deb-src http://security.debian.org/ squeeze/updates main
deb http://ftp.us.debian.org/debian/ squeeze-updates main
deb-src http://ftp.us.debian.org/debian/ squeeze-updates main

Please help me.

Best regards. Thanks,
Jorge Treminio.
TIC department.