rkhunter is reporting PHP (4.3.10) as "Vulnerable" on my server. I've
seen no GLSA's about it but 4.3.11 came out a week or so ago purporting
to fix some minor security issues [1]. It looks like at least two of
those minor issues are DoS attacks [2].
There are a couple of bugs open in bugzilla, but one of the PHP
maintainers seems a bit reluctant to update the ebuild (some obscure
reference to the "state of PHP" and busy at Uni).
Does anyone know if these security issues/DoS are remotely exploitable
or potentially serious? I use it for SquirrelMail.
[1] http://www.php.net/release_4_3_11.php
[2] http://www.idefense.com/application/poi/display?id=222
Regards,
--
Darren Davison
Public Key: 0xDD356B0D
seen no GLSA's about it but 4.3.11 came out a week or so ago purporting
to fix some minor security issues [1]. It looks like at least two of
those minor issues are DoS attacks [2].
There are a couple of bugs open in bugzilla, but one of the PHP
maintainers seems a bit reluctant to update the ebuild (some obscure
reference to the "state of PHP" and busy at Uni).
Does anyone know if these security issues/DoS are remotely exploitable
or potentially serious? I use it for SquirrelMail.
[1] http://www.php.net/release_4_3_11.php
[2] http://www.idefense.com/application/poi/display?id=222
Regards,
--
Darren Davison
Public Key: 0xDD356B0D