
help with bugs php5 in debian squeeze



Dear Debian:

Please help me with this doubt.

I have installed php5 on Debian squeeze (2.6.32-5-686, 6.0.3), PHP5 version: 5.3.3-7+squeeze3, but recently I reviewed my server with a security tool: Nessus.

The tool tells me that php5.3.3.7 is vulnerable.

Synopsis: The remote web server uses a version of PHP that is affected by multiple vulnerabilities.

Description

According to its banner, the version of PHP 5.3.x installed on the remote host is older than 5.3.7.  The new version resolves the following issues :

  - A stack buffer overflow in socket_connect(). (CVE-2011-1938)
  - A use-after-free vulnerability in substr_replace(). (CVE-2011-1148)
  - A code execution vulnerability in ZipArchive::addGlob(). (CVE-2011-1657)
  - crypt_blowfish was updated to 1.2. (CVE-2011-2483)
  - Multiple null pointer dereferences. (CVE-2011-3182)
  - An unspecified crash in error_log(). (CVE-2011-3267)
  - A buffer overflow in crypt(). (CVE-2011-3268)

Solution

Upgrade to PHP 5.3.7 or later.

But when I do apt-get update, there are no new packages for php5. How do I install the new version?

My sources.list file has:

deb http://ftp.us.debian.org/debian/ squeeze main
deb-src http://ftp.us.debian.org/debian/ squeeze main

deb http://security.debian.org/ squeeze/updates main
deb-src http://security.debian.org/ squeeze/updates main

deb http://ftp.us.debian.org/debian/ squeeze-updates main
deb-src http://ftp.us.debian.org/debian/ squeeze-updates main

Please help me.

Best regards.

Thanks

Jorge Treminio.
TIC department.

