
Re: php vulnerabilities

I have used dotdeb.org for 1 year on a production webserver (commercial production).

saravanan ganapathy wrote:

Recently I've heard about http://www.dotdeb.org/.
They are providing debian packages for php4.3.10. Can I use those packages for production environment?
Please suggest the best way to secure my php



--- saravanan G <gsaravanan@adventnet.com> wrote:

Hai,
I am using php4:4.1.2-7.0.1 on my debian woody.
I have read that there are some vulnerabilities in php <= 4.3.9 as

[01 - pack() - integer overflow leading to heap bufferoverflow ]
[02 - unpack() - integer overflow leading to heap info leak ]
[03 - safe_mode_exec_dir bypass in multithreaded PHP ]
[04 - safe_mode bypass through path truncation ]
[05 - path truncation in realpath() ]
[06 - unserialize() - wrong handling of negative references ]
[07 - unserialize() - wrong handling of references to freed data ]

Source url :

How do I secure my php in debian woody?

Please advise me



--------cut here------- Francois Bayart - Famipow/TeCP - Bruxelles francois@famipow.com - www.tecp.info - (gsm +33687841882) jabber : francois@ipow.net 5947 5953 3EC3 33C1 8ED1 7F7E 3FE5 2FBC 5C88 204A --------cut here-------
