AW: Vulnerable PHP version according to nessus
Hey,
@Maintainers: Whats the overall Status of the package?
According to php.net 5.3.8 is stable.
Greetings,
Patrick
--
Patrick Geschke
Systemadministration
Top Arbeitgeber 2011!
KiKxxl wurde von TOP JOB als zweitbester Arbeitgeber in Deutschland ausgezeichnet.
KiKxxl GmbH
Mindener Strasse 127
49084 Osnabrück
Tel.: 0541 / 3305 0
Fax : 0541 / 3305 100
Mail: pgeschke@kikxxl.de
WWW : http://www.kikxxl.de
Niederlassung Bremen
Hermann-Köhl-Straße 1a
28199 Bremen
Sitz der Gesellschaft Osnabrück,
HRB 18841, Amtsgericht Osnabrück
Geschäftsführer Andreas Kremer
-----Ursprüngliche Nachricht-----
Von: Dave Henley [mailto:dhenley1@live.com]
Gesendet: Mittwoch, 28. Dezember 2011 08:59
An: debian-security@lists.debian.org
Betreff: Vulnerable PHP version according to nessus
I recently installed a Debian Squeeze system along with apache2 and PHP5.
The system is fully up-to-date and the following php packages are installed:
ii libapache2-mod-php5 5.3.3-7+squeeze3 server-side, HTML-embedded scripting language (Apache 2 module)
ii php-pear 5.3.3-7+squeeze3 PEAR - PHP Extension and Application Repository
ii php5 5.3.3-7+squeeze3 server-side, HTML-embedded scripting language (metapackage)
ii php5-cli 5.3.3-7+squeeze3 command-line interpreter for the php5 scripting language
ii php5-common 5.3.3-7+squeeze3 Common files for packages built from the php5 source
ii php5-mysql 5.3.3-7+squeeze3 MySQL module for php5
ii php5-suhosin 0.9.32.1-1
When I scan my system for vulnerabillities with nessus I get the follwoing high risk output:
Synopsis: The remote web server uses a version of PHP that is affected by
multiple vulnerabilities.
Description
According to its banner, the version of PHP 5.3.x installed on the
remote host is older than 5.3.7.
Solution
Upgrade to PHP 5.3.7 or later.
How do I solve this problem and make sure my system is not prone to any PHP vulnerabilities?
Thanks,
Dave
Reply to: