[Cialug] Fw: [php-objects] PHP 5 vulnerabilities

Matthew Nuzum newz at bearfruit.org
Mon Dec 10 11:06:53 CST 2007


I asked our security team about this. Kees Cook says this is the standard
"old versions of PHP are insecure" message and that vendors backport
security fixes from 5.2.5 to the version supported by your distro.

So, for example, if you're using Ubuntu 6.06 LTS Server, which ships with
php 5.1.2, you get the benefits of security patches available to newer php
versions backported. This will continue for the life of the product, which
for LTS Server is 5 years from release, so June of 2011. Other vendors
follow suit. I.e. RHEL and SLES.

Make sure you're using a supported distribution.

Also, you may want to consider editing php.ini and setting
   expose_php = Off

You can't count on security through obscurity, but every little bit is
helpful.

On Dec 9, 2007 12:28 PM, Ralph Kessel <kesselr1 at mchsi.com> wrote:

> From php
> ----- Original Message -----
> *From:* Krishna Srikanth <krishna.srikanth at tcs.com>
> *To:* php-objects at yahoogroups.com ; hyd-phpug at yahoogroups.com
> *Sent:* Thursday, December 06, 2007 6:17 AM
> *Subject:* [php-objects] PHP 5 vulnerabilities
>
>   Hi,
>
> While surfing, I have found this link which said network vulnerabilities
> with PHP<5.2.5
>
> http://www.nessus.org/plugins/index.php?view=single&id=28181
>
> My network administrator asked me to upgrade the PHP version on our
> servers. Thought to inform you too about this.
>
> Regards,
> Manda Krishna Srikanth
> http://www.krishnasrikanth.com


-- 
Matthew Nuzum
newz2000 on freenode
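
The `expose_php = Off` suggestion above can be checked rather than assumed. This is an added example, not part of the original message: it works out the effective value from a php.ini text and looks for a PHP version banner in captured response headers. The function names and sample inputs are constructed for illustration, and it assumes a single php.ini with no additional scanned .ini files.

```python
import re

TRUE_WORDS = {"on", "yes", "true"}  # words PHP reads as boolean true

def effective_expose_php(ini_text):
    """Return True if expose_php ends up enabled after reading ini_text."""
    enabled = True  # PHP's built-in default is On when the directive is absent
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment in php.ini
        m = re.match(r"(?i)expose_php\s*=\s*(.*)$", line)
        if not m:
            continue
        value = m.group(1).strip().strip("\"'").lower()
        if value in TRUE_WORDS:
            enabled = True
        else:
            # Anything else is read as an integer; Off, No and empty count as 0.
            digits = re.match(r"[+-]?\d+", value)
            enabled = bool(digits) and int(digits.group()) != 0
    return enabled  # a later assignment overrides an earlier one

def leaked_php_banner(response_headers):
    """Return the first Server / X-Powered-By value naming a PHP version."""
    for line in response_headers.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() in ("x-powered-by", "server"):
            if "php/" in value.lower():
                return value.strip()
    return None

def audit(ini_text, response_headers):
    """Collect findings from both the configuration and the live response."""
    findings = []
    if effective_expose_php(ini_text):
        findings.append("php.ini: expose_php is effectively On")
    banner = leaked_php_banner(response_headers)
    if banner:
        findings.append("response still advertises " + banner)
    return findings

# Constructed sample input: the Off line is commented out, so On wins.
SAMPLE_INI = "[PHP]\n; expose_php = Off\nexpose_php = On\nengine = On\n"
# Constructed response headers using the 5.1.2 version mentioned in the thread.
SAMPLE_HEADERS = "HTTP/1.1 200 OK\nServer: Apache\nX-Powered-By: PHP/5.1.2\n"

if __name__ == "__main__":
    for finding in audit(SAMPLE_INI, SAMPLE_HEADERS):
        print(finding)
```

A clean result only means the banner is hidden; whether the distro's backported fixes are installed is a separate question answered by the package manager, not by this check.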