[php-maint] Vulnerable PHP version according to nessus

Patrick Geschke patrick.geschke at kikxxl.de
Wed Dec 28 07:56:32 UTC 2011


@Maintainers: Whats the overall Status of the package?

According to php.net 5.3.8 is stable. 


Patrick Geschke

Top Arbeitgeber 2011!
KiKxxl wurde von TOP JOB als zweitbester Arbeitgeber in Deutschland ausgezeichnet.

KiKxxl GmbH
Mindener Strasse 127
49084 Osnabrück

Tel.: 0541 / 3305 0
Fax : 0541 / 3305 100 
Mail: pgeschke at kikxxl.de
WWW : http://www.kikxxl.de

Niederlassung Bremen
Hermann-Köhl-Straße 1a
28199 Bremen

Sitz der Gesellschaft Osnabrück, 
HRB 18841, Amtsgericht Osnabrück 
Geschäftsführer Andreas Kremer

-----Ursprüngliche Nachricht-----
Von: Dave Henley [mailto:dhenley1 at live.com] 
Gesendet: Mittwoch, 28. Dezember 2011 08:59
An: debian-security at lists.debian.org
Betreff: Vulnerable PHP version according to nessus

I recently installed a Debian Squeeze system along with apache2 and PHP5.
The system is fully up-to-date and the following php packages are installed:

ii  libapache2-mod-php5                 5.3.3-7+squeeze3             server-side, HTML-embedded scripting language (Apache 2 module)
ii  php-pear                                            5.3.3-7+squeeze3             PEAR - PHP Extension and Application Repository
ii  php5                                                    5.3.3-7+squeeze3             server-side, HTML-embedded scripting language (metapackage)
ii  php5-cli                                             5.3.3-7+squeeze3             command-line interpreter for the php5 scripting language
ii  php5-common                                5.3.3-7+squeeze3             Common files for packages built from the php5 source
ii  php5-mysql                                    5.3.3-7+squeeze3             MySQL module for php5
ii  php5-suhosin                         

When I scan my system for vulnerabillities with nessus I get the follwoing high risk output:

Synopsis: The remote web server uses a version of PHP that is affected by
multiple vulnerabilities.

According to its banner, the version of PHP 5.3.x installed on the
remote host is older than 5.3.7. 

Upgrade to PHP 5.3.7 or later.

How do I solve this problem and make sure my system is not prone to any PHP vulnerabilities?


More information about the pkg-php-maint mailing list