I recently installed a Debian Squeeze system along with apache2 and PHP5.
The system is fully up-to-date and the following php packages are installed: ii libapache2-mod-php5 5.3.3-7+squeeze3 server-side, HTML-embedded scripting language (Apache 2 module) ii php-pear 5.3.3-7+squeeze3 PEAR - PHP Extension and Application Repository ii php5 5.3.3-7+squeeze3 server-side, HTML-embedded scripting language (metapackage) ii php5-cli 5.3.3-7+squeeze3 command-line interpreter for the php5 scripting language ii php5-common 5.3.3-7+squeeze3 Common files for packages built from the php5 source ii php5-mysql 5.3.3-7+squeeze3 MySQL module for php5 ii php5-suhosin 0.9.32.1-1 When I scan my system for vulnerabillities with nessus I get the follwoing high risk output: Synopsis: The remote web server uses a version of PHP that is affected by multiple vulnerabilities. Description According to its banner, the version of PHP 5.3.x installed on the remote host is older than 5.3.7. Solution Upgrade to PHP 5.3.7 or later. How do I solve this problem and make sure my system is not prone to any PHP vulnerabilities? Thanks, Dave |