Dear Debian:
Please help me with this doubt. I have installed php5 on Debian squeeze (2.6.32-5-686, 6.0.3), PHP5 version: 5.3.3-7+squeeze3, but I recently reviewed my server with a security tool, Nessus. The tool tells me that php5.3.3.7 is vulnerable.

Synopsis:
The remote web server uses a version of PHP that is affected by multiple vulnerabilities.

Description:
According to its banner, the version of PHP 5.3.x installed on the remote host is older than 5.3.7. The new version resolves the following issues :

- A stack buffer overflow in socket_connect(). (CVE-2011-1938)
- A use-after-free vulnerability in substr_replace(). (CVE-2011-1148)
- A code execution vulnerability in ZipArchive::addGlob(). (CVE-2011-1657)
- crypt_blowfish was updated to 1.2. (CVE-2011-2483)
- Multiple null pointer dereferences. (CVE-2011-3182)
- An unspecified crash in error_log(). (CVE-2011-3267)
- A buffer overflow in crypt(). (CVE-2011-3268)

Solution:
Upgrade to PHP 5.3.7 or later.

But I ran apt-get update and there are no new packages for php5. How do I install the new version?

My sources.list file has:

deb http://ftp.us.debian.org/debian/ squeeze main
deb-src http://ftp.us.debian.org/debian/ squeeze main
deb http://security.debian.org/ squeeze/updates main
deb-src http://security.debian.org/ squeeze/updates main
deb http://ftp.us.debian.org/debian/ squeeze-updates main
deb-src http://ftp.us.debian.org/debian/ squeeze-updates main

Please help me.

Best regards.

Thanks,
Jorge Treminio.
TIC department.