Just did another Nessus scan on my home system and came up with this.
Repos only show (currently installed) version 5.2.4-2ubuntu5.3. Current on the PHP site is 5.2.6. Is there a repository I do not have enabled, or is there just no binary for it yet? If it's not available for Adept, should I install from source? Just trying to tighten things up from a security standpoint. Thanks for any help/advice.
namopereht
Code:
PHP < 5.2.6 Multiple Vulnerabilities

Synopsis :
The remote web server uses a version of PHP that is affected by multiple flaws.

Description :
According to its banner, the version of PHP installed on the remote host is older than 5.2.6. Such versions may be affected by the following issues :
- A stack buffer overflow in FastCGI SAPI.
- An integer overflow in printf().
- An security issue arising from improper calculation of the length of PATH_TRANSLATED in cgi_main.c.
- A safe_mode bypass in cURL.
- Incomplete handling of multibyte chars inside escapeshellcmd().
- Issues in the bundled PCRE fixed by version 7.6.

See also :
http://archives.neohapsis.com/archives/bugtraq/2008-03/0321.html
http://archives.neohapsis.com/archives/fulldisclosure/2008-05/0103.html
http://archives.neohapsis.com/archives/fulldisclosure/2008-05/0107.html
http://www.php.net/releases/5_2_6.php

Solution :
Upgrade to PHP version 5.2.6 or later.