[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Vulnerable PHP version according to nessus



Depending on your aim with your www-serv, check out suhosin.org. Some patches that harden PHP when used in multi-user envs.

Sent from my iPhone

On 28 Dec 2011, at 13:45, Dave Henley <dhenley1@live.com> wrote:

thanks....

Dave

> Date: Wed, 28 Dec 2011 15:31:53 +0200
> From: henri@nerv.fi
> To: dhenley1@live.com
> CC: j.andradas@gmail.com; jmm@debian.org; debian-security@lists.debian.org
> Subject: Re: Vulnerable PHP version according to nessus
>
> On Wed, Dec 28, 2011 at 12:53:13PM +0000, Dave Henley wrote:
> > Thnaks, I checked the CVE`s against the changelogs and approx. 50% is covered.
> > Is there a website of some sort to check what kind of CVE`s have been patched?
> > If nessus does not provide a reliable report, what is the best next step to take here?
> > Are there any howto`s or tutorials on howto secure a php installation on a debian system?
> > Any suggestions would be very helpful.
>
> Update all software in your www-server. Some useful links:
>
> http://security-tracker.debian.org/tracker/
> http://www.debian.org/doc/manuals/securing-debian-howto/
>
> - Henri Salo

Reply to: