I recently installed a Debian Squeeze system along with apache2 and PHP5.
The system is fully up-to-date and the following php packages are installed:
ii  libapache2-mod-php5  5.3.3-7+squeeze3  server-side, HTML-embedded scripting language (Apache 2 module)
ii  php-pear             5.3.3-7+squeeze3  PEAR - PHP Extension and Application Repository
ii  php5                 5.3.3-7+squeeze3  server-side, HTML-embedded scripting language (metapackage)
ii  php5-cli             5.3.3-7+squeeze3  command-line interpreter for the php5 scripting language
ii  php5-common          5.3.3-7+squeeze3  Common files for packages built from the php5 source
ii  php5-mysql           5.3.3-7+squeeze3  MySQL module for php5
ii  php5-suhosin         0.9.32.1-1
When I scan my system for vulnerabilities with Nessus, I get the following
high-risk output:
Synopsis: The remote web server uses a version of PHP that is affected by
multiple vulnerabilities.
Description
According to its banner, the version of PHP 5.3.x installed on the
remote host is older than 5.3.7.
Solution
Upgrade to PHP 5.3.7 or later.
How do I solve this problem and make sure my system is not prone to any PHP
vulnerabilities?
Thanks,
Dave