Re: php vulnerabilities

To: debian-security@lists.debian.org
Subject: Re: php vulnerabilities
From: saravanan ganapathy <sarav_gsa@yahoo.com>
Date: Mon, 20 Dec 2004 23:47:11 -0800 (PST)
Message-id: <[🔎] 20041221074711.51856.qmail@web51707.mail.yahoo.com>
In-reply-to: <[🔎] 41C7C251.6090208@adventnet.com>

Recently I 've heard about http://www.dotdeb.org/.
They are providing debian packages for php4.3.10. 

Can I use those packages for production environment? 

Plese suggest the best way to secure my php

Regards,

Sarav


--- saravanan G <gsaravanan@adventnet.com> wrote:

> Hai ,
>      I am using php4:4.1.2-7.0.1 on my debian woody.
> I have read that 
> there are some vulnerabilities in php <= 4.3.9 as
> follows
> 
> [01 - pack() - integer overflow leading to heap
> bufferoverflow ]
> [02 - unpack() - integer overflow leading to heap
> info leak ]
> [03 - safe_mode_exec_dir bypass in multithreaded PHP
> ]
> [04 - safe_mode bypass through path truncation ]
> [05 - path truncation in realpath() ]
> [06 - unserialize() - wrong handling of negative
> references ]
> [07 - unserialize() - wrong handling of references
> to freed data ]
> 
> 
> Source url :
> http://www.hardened-php.net/advisories/012004.txt
> 
> How do I secure my php in debian woody?
> 
> Please advice me
> 
> Sarav
> 
> 
> 
> 
> -- 
> To UNSUBSCRIBE, email to
> debian-security-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
> 
> 


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com

Reply to:

Follow-Ups:
- Re: php vulnerabilities
  - From: Francois Bayart <francois@famipow.com>

References:
- php vulnerabilities
  - From: saravanan G <gsaravanan@adventnet.com>

Prev by Date: Re: php vulnerability
Next by Date: Re: php vulnerability
Previous by thread: php vulnerabilities
Next by thread: Re: php vulnerabilities
Index(es):
- Date
- Thread