Re: php vulnerabilities
Recently I 've heard about http://www.dotdeb.org/.
They are providing debian packages for php4.3.10.
Can I use those packages for production environment?
Plese suggest the best way to secure my php
--- saravanan G <firstname.lastname@example.org> wrote:
> Hai ,
> I am using php4:4.1.2-7.0.1 on my debian woody.
> I have read that
> there are some vulnerabilities in php <= 4.3.9 as
> [01 - pack() - integer overflow leading to heap
> bufferoverflow ]
> [02 - unpack() - integer overflow leading to heap
> info leak ]
> [03 - safe_mode_exec_dir bypass in multithreaded PHP
> [04 - safe_mode bypass through path truncation ]
> [05 - path truncation in realpath() ]
> [06 - unserialize() - wrong handling of negative
> references ]
> [07 - unserialize() - wrong handling of references
> to freed data ]
> Source url :
> How do I secure my php in debian woody?
> Please advice me
> To UNSUBSCRIBE, email to
> with a subject of "unsubscribe". Trouble? Contact
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around