Friday, February 3rd, 2012
A few hours ago, PHP 5.3.10 was released by the PHP Group. It's an important security update for PHP 5.3.9 users: Stefan Esser discovered a remotely exploitable bug, introduced with PHP 5.3.9's max_input_vars directive (CVE-2012-0830). You really should upgrade as soon as possible.
Packages of PHP 5.3.10 are now available ...
Posted in PHP | 8 Comments »
Tuesday, January 24th, 2012
A few days ago, Stefan Esser discovered a buffer overflow in the "transparent cookie encryption stack" of the Suhosin extension. Here is the full advisory.
If you previously installed the php5-suhosin package, you should upgrade to its fixed new version (0.9.33) by running:
apt-get update
apt-get install --reinstall php5-suhosin
Posted in PHP | 17 Comments »
Thursday, December 8th, 2011
The Debian project has announced in a security advisory (DSA-2360-1) that the security support for Debian GNU/Linux 5.0 "Lenny" will be terminated in February 2012:
This is an advance notice that security support for Debian GNU/Linux 5.0
(code name "lenny") will be terminated in two months.
The Debian project released Debian ...
Posted in Miscellaneous | 4 Comments »
Saturday, April 9th, 2011
On March 17th, the PHP Group released PHP 5.3.6. This maintenance release, which focuses on security, is now available on Dotdeb for Debian 6.0 "Squeeze" in amd64 and i386 flavours.
The compatibility with the official Debian packages has been improved and you (especially the FPM users) should really take care of some ...
Posted in PHP | 109 Comments »
Friday, January 7th, 2011
A few days after releasing PHP 5.3.4 and PHP 5.2.16, the PHP Group announced an important security update with PHP 5.3.5 and PHP 5.2.17:
This release resolves a critical issue, reported as PHP bug #53632 and CVE-2010-4645, where conversions from string to double might cause the PHP interpreter to hang ...
Posted in PHP | 23 Comments »
Sunday, December 5th, 2010
MySQL 5.1.53 packages for Debian 5.0 "Lenny" are now available on Dotdeb in amd64/i386 flavours. Please note that they're available as a preview for Squeeze too.
This maintenance release fixes many bugs and security issues. Upgrading is strongly recommended after having read the Changelogs here and here.
Posted in MySQL | 4 Comments »
Tuesday, October 5th, 2010
MySQL versions prior to 5.1.51 (including 5.1.50) suffer from a vulnerability in the processing of arguments passed to the LEAST() or GREATEST() functions. This issue could be exploited by a malicious user to cause a server crash, leading to a DoS condition.
You really should upgrade your Lenny servers (amd64 or i386) with the ...
Posted in MySQL | 15 Comments »
Sunday, July 11th, 2010
After many requests from several users and after many months of promises, the Dotdeb repositories are now GPG-signed. Yes, you can now get rid of the annoying "WARNING: The following packages cannot be authenticated!" message!
Until a dotdeb-keyring package is available, you just have to get the key and add it to your trusted ...
Posted in Miscellaneous | 57 Comments »
Tuesday, May 25th, 2010
MySQL 5.1.47 is now available on Dotdeb for your Lenny servers, in amd64 and i386 flavours.
This is a security-oriented release that fixes some serious flaws... Please read the full changelog for more information.
Please also note that the InnoDB plugin has been upgraded to version 1.0.8 and is now considered to be of General Availability ...
Posted in MySQL | 4 Comments »
Tuesday, May 4th, 2010
According to Stefan Esser, author of the Suhosin patch, May 2010 will be the "Month of PHP Security":
This initiative continues the effort of Hardened-PHP's Month of PHP Bugs in 2007 to improve the security of PHP and the PHP ecosystem by disclosing vulnerabilities in PHP and PHP applications on ...
Posted in PHP | 4 Comments »