Hi,
we use Hackerguardian scan-services and today we got this mail:
Security hole found on port/service "http (80/tcp)"
Plugin "PHP < 5.2.4 Multiple Vulnerabilities"
Category "Common gateway interface"Priority Ranking "Urgent"
Synopsis : The remote web server uses a version of PHP that is affected by multiple flaws. Description : According to its banner, the version of PHP installed on the remote host is older than 5.2.4. Such versions may be affected by various issues, including but not limited to several overflows. See also : http://www.php.net/releases/5_2_4.php
Solution : Upgrade to PHP version 5.2.4 or later.
Risk factor : High / CVSS Base Score : 7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE : CVE-2007-2872, CVE-2007-3378, CVE-2007-3806 BID : 24661, 24261, 24922, 25498
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Security hole found on port/service "https (443/tcp)"
Plugin "PHP < 5.2.4 Multiple Vulnerabilities"
Category "Common gateway interface"Priority Ranking "Urgent"
Synopsis : The remote web server uses a version of PHP that is affected by multiple flaws. Description : According to its banner, the version of PHP installed on the remote host is older than 5.2.4. Such versions may be affected by various issues, including but not limited to several overflows. See also : http://www.php.net/releases/5_2_4.php
Solution : Upgrade to PHP version 5.2.4 or later.
Risk factor : High / CVSS Base Score : 7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE : CVE-2007-2872, CVE-2007-3378, CVE-2007-3806 BID : 24661, 24261, 24922, 25498
My question now: is it possible to you to upgrade Debian 4.0-PHP-packages to PHP 5.2.4?
thx,
Damian