A few days ago, Stefan Esser discovered a buffer overflow in the “transparent cookie encryption stack” of the Suhosin extension. Here is the full advisory. If you previously installed the php5-suhosin package, you should upgrade to the fixed version (0.9.33) by running:
apt-get update
apt-get install --reinstall php5-suhosin
Monthly Archives: January 2012
Percona toolkit 2.0.2
A few days ago, Percona released a major version of their Percona toolkit (formerly named Maatkit), bringing a lot of improvements, especially to pt-table-checksum. Baron Schwartz wrote a post about it. Percona toolkit 2.0.2 is now available on Dotdeb for both Debian 6.0 “Squeeze” and Debian 5.0 “Lenny”, on both amd64 and i386 architectures. A…
Redis 2.4.6
Redis 2.4.6 has been released with these changes:
[BUGFIX] Fixed issue #141 part 1: Possible protocol desyncs when clients send wrong protocol is now fixed. (See issue 141 for more details)
[BUGFIX] Fixed issue #141 part 2: Connection of multiple slaves used to result from time to time into corrupted protocol send to slaves…
PHP 5.3.9
On January 10th, 2012, the PHP Group released PHP 5.3.9, which brings over 90 bug fixes, some of which are security related.
Security Enhancements and Fixes in PHP 5.3.9:
Added max_input_vars directive to prevent attacks based on hash collisions. (CVE-2011-4885)
Fixed bug #60150 (Integer overflow during the parsing of invalid exif header). (CVE-2011-4566)
Key…