Thnaks, I checked the CVE`s against the changelogs and approx. 50% is covered.
Is there a website of some sort to check what kind of CVE`s have been patched? If nessus does not provide a reliable report, what is the best next step to take here? Are there any howto`s or tutorials on howto secure a php installation on a debian system? Any suggestions would be very helpful. From: j.andradas@gmail.com Date: Wed, 28 Dec 2011 12:47:48 +0100 Subject: Re: Vulnerable PHP version according to nessus To: jmm@debian.org CC: debian-security@lists.debian.org 2011/12/28 Moritz Mühlenhoff <jmm@debian.org> Dave Henley <dhenley1@live.com> schrieb: In order to try to be more accurate, you could enable the "Thorough scan" option in Nessus. Disable the "safe checks" options might help, so Nessus does not rely (only) on version number and banners but actually tries to exploit the vulnerability (depending on how the NASL script/plugin is written, of course). However, this could cause that, if there is a denial of service vulnerability or any other that might impact on running services, these might be affected, and maybe the service would have to be restarted or even the host rebooted (for example, if it's a vulnerability that crashes the OS) Since we address security vulnerabilities with backports this Best Regards, -- Jonás Andradas GPG Fingerprint: 678F 7BD0 83C3 28CE 9E8F 3F7F 4D87 9996 E0C6 9372 |