PHP Question - Solved

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    PHP Question - Solved

    Just did another Nessus scan on my home system and came up with this.
    Code:
    PHP < 5.2.6 Multiple Vulnerabilities
    
    Synopsis :
    
    The remote web server uses a version of PHP that is affected by
    multiple flaws.
    
    Description :
    
    According to its banner, the version of PHP installed on the remote
    host is older than 5.2.6. Such versions may be affected by the
    following issues :
    
    - A stack buffer overflow in FastCGI SAPI.
    
    - An integer overflow in printf().
    
    - An security issue arising from improper calculation
    of the length of PATH_TRANSLATED in cgi_main.c.
    
    - A safe_mode bypass in cURL.
    
    - Incomplete handling of multibyte chars inside
    escapeshellcmd().
    
    - Issues in the bundled PCRE fixed by version 7.6.
    
    See also :
    
    [url]http://archives.neohapsis.com/archives/bugtraq/2008-03/0321.html[/url]
    [url]http://archives.neohapsis.com/archives/fulldisclosure/2008-05/0103.html[/url]
    [url]http://archives.neohapsis.com/archives/fulldisclosure/2008-05/0107.html[/url]
    [url]http://www.php.net/releases/5_2_6.php[/url]
    
    Solution :
    
    Upgrade to PHP version 5.2.6 or later.
    Repos only show (currently installed) version 5.2.4-2ubuntu5.3. Current on PHP site is 5.2.6. Is there a repository I do not have enabled or is there just no binary for it yet? If not available for Adept then should I install from source? Just trying to tighten things up from a security standpoint. Thanks for any help/advice.

    namopereht

    #2
    Re: PHP Question

    Well, I finally just decided to download the source and compile myself. Read the INSTALL file in the 5.2.6 source file and found this:

    If you need more recent packages of PHP than Debian's stable ones
    or if some PHP modules lack the Debian official repository, perhaps
    you should take a look at http://www.apt-get.org/. One of the results
    found should be Dotdeb. This unofficial repository is maintained by
    Guillaume Plessis and contains Debian packages of the most recent
    versions of PHP 4 and PHP 5. To use it, just add the following two
    lines to your /etc/apt/sources.lists and run apt-get update :

    Example 2-7. The two Dotdeb related lines
    deb http://packages.dotdeb.org stable all
    deb-src http://packages.dotdeb.org stable all
    Added the repository and presto! There were the 5.2.6 packages and modules ready for upgrade. All seem to have upgraded properly and happiness prevails!

    namopereht
