[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Vulnerable PHP version according to nessus



I recently installed a Debian Squeeze system along with apache2 and PHP5.
The system is fully up-to-date and the following php packages are installed:

ii  libapache2-mod-php5                 5.3.3-7+squeeze3             server-side, HTML-embedded scripting language (Apache 2 module)
ii  php-pear                                            5.3.3-7+squeeze3             PEAR - PHP Extension and Application Repository
ii  php5                                                    5.3.3-7+squeeze3             server-side, HTML-embedded scripting language (metapackage)
ii  php5-cli                                             5.3.3-7+squeeze3             command-line interpreter for the php5 scripting language
ii  php5-common                                5.3.3-7+squeeze3             Common files for packages built from the php5 source
ii  php5-mysql                                    5.3.3-7+squeeze3             MySQL module for php5
ii  php5-suhosin                                 0.9.32.1-1 

When I scan my system for vulnerabillities with nessus I get the follwoing high risk output:

Synopsis: The remote web server uses a version of PHP that is affected by
multiple vulnerabilities.

Description
According to its banner, the version of PHP 5.3.x installed on the
remote host is older than 5.3.7.

Solution
Upgrade to PHP 5.3.7 or later.

How do I solve this problem and make sure my system is not prone to any PHP vulnerabilities?

Thanks,
Dave

Reply to: