AW: Vulnerable PHP version according to nessus

Wed, 28 Dec 2011 00:41:54 -0800 

Hey,

@Maintainers: Whats the overall Status of the package?

According to php.net 5.3.8 is stable. 

Greetings,
Patrick

--
Patrick Geschke
Systemadministration

Top Arbeitgeber 2011!
KiKxxl wurde von TOP JOB als zweitbester Arbeitgeber in Deutschland 
ausgezeichnet.

KiKxxl GmbH
Mindener Strasse 127
49084 Osnabrück

Tel.: 0541 / 3305 0
Fax : 0541 / 3305 100 
Mail: pgesc...@kikxxl.de
WWW : http://www.kikxxl.de

Niederlassung Bremen
Hermann-Köhl-Straße 1a
28199 Bremen

Sitz der Gesellschaft Osnabrück, 
HRB 18841, Amtsgericht Osnabrück 
Geschäftsführer Andreas Kremer


-----Ursprüngliche Nachricht-----
Von: Dave Henley [mailto:dhenl...@live.com] 
Gesendet: Mittwoch, 28. Dezember 2011 08:59
An: debian-security@lists.debian.org
Betreff: Vulnerable PHP version according to nessus

I recently installed a Debian Squeeze system along with apache2 and PHP5.
The system is fully up-to-date and the following php packages are installed:

ii  libapache2-mod-php5                 5.3.3-7+squeeze3             
server-side, HTML-embedded scripting language (Apache 2 module)
ii  php-pear                                            5.3.3-7+squeeze3        
     PEAR - PHP Extension and Application Repository
ii  php5                                                    5.3.3-7+squeeze3    
         server-side, HTML-embedded scripting language (metapackage)
ii  php5-cli                                             5.3.3-7+squeeze3       
      command-line interpreter for the php5 scripting language
ii  php5-common                                5.3.3-7+squeeze3             
Common files for packages built from the php5 source
ii  php5-mysql                                    5.3.3-7+squeeze3             
MySQL module for php5
ii  php5-suhosin                                 0.9.32.1-1  

When I scan my system for vulnerabillities with nessus I get the follwoing high 
risk output:

Synopsis: The remote web server uses a version of PHP that is affected by
multiple vulnerabilities.

Description
According to its banner, the version of PHP 5.3.x installed on the
remote host is older than 5.3.7. 

Solution
Upgrade to PHP 5.3.7 or later.

How do I solve this problem and make sure my system is not prone to any PHP 
vulnerabilities?

Thanks,
Dave


--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/8D42310D957CFB46AA11921A711D4D16057844F147@X2007.kikxxl.local

Reply via email to