Debian 5 php5 package has serious security issues as follows:
To prevent Denial of Service attacks by exhausting the number of available temporary file names, the max_file_uploads option introduced in PHP 5.3.1 has been backported.
Due to the nature of this new option a default limit has been set to 50, hoping it is sensible enough to not to cause disruptions on existing services. The value of this new limit can be changed in the php.ini file.
If you installed the php5-suhosin extension there was a limiting mechanism in place already. In this case you may want to make sure the new limit imposed by PHP itself is not smaller than suhosin's.
- CVE-2009-2687: DoS via malformed JPEG images with invalid offset fields (Closes: #535888)
- CVE-2009-2626: remote memory disclosure via ini_* functions (Closes: #540605)
- CVE-2009-3292: multiple missing checks processing exif image data
- CVE-2009-3291: improper handling of nul character in CommonName fields of X509 certificates
- max_file_uploads: prevent, by limiting, temporary files exhaustion DoS
- Add an entry to debian/NEWS about the new per-request file uploads limit
How Do I Fix This Problem?
Type the following command:
# aptitude full-upgrade
Restart / reload web server:
# /etc/init.d/apache2 restart
OR
# /etc/init.d/lighttpd restart
You should follow me on twitter here or grab rss feed to keep track of new changes.
Featured Articles:
- 30 Handy Bash Shell Aliases For Linux / Unix / Mac OS X
- Top 30 Nmap Command Examples For Sys/Network Admins
- 25 PHP Security Best Practices For Sys Admins
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- Linux: 20 Iptables Examples For New SysAdmins
- Top 20 OpenSSH Server Best Security Practices
- Top 20 Nginx WebServer Best Security Practices
- 20 Examples: Make Sure Unix / Linux Configuration Files Are Free From Syntax Errors
- 15 Greatest Open Source Terminal Applications Of 2012
- My 10 UNIX Command Line Mistakes
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- The Novice Guide To Buying A Linux Laptop
{ 2 comments… read them below or add one }
You should add a reference to the original advisory and make clear that part of the text was quoted, instead of making it look as your own.
Nice article. I’ll give it a try
Thanks for sharing.