I asked our security team about this. Kees Cook says this is the standard "old versions of PHP are insecure" message and that vendors back port security fixes from 5.2.5 to the version supported by your distro. <br>
<br>So, for example, if you're using Ubuntu 6.06 LTS Server, which ships with php 5.1.2, you get the benefits of security patches available to newer php versions backported. This will continue for the life of the product, which for LTS Server is 5 years from release, so June of 2011. Other vendors follow suit.
I.e. RHEL and SLES.<br><br>Make sure you're using a supported distribution.<br><br>Also, you may want to consider editing php.ini and setting<br> expose_php = Off<br><br>You can't count on security through obscurity, but every little bit is helpful.
<br><br><div class="gmail_quote">On Dec 9, 2007 12:28 PM, Ralph Kessel <<a href="mailto:kesselr1@mchsi.com">kesselr1@mchsi.com</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div style="background-color: rgb(255, 255, 255);" bgcolor="#ffffff">
<div><font face="Arial" size="2">From php</font></div>
<div style="font-family: arial; font-style: normal; font-variant: normal; font-weight: normal; font-size: 10pt; line-height: normal; font-size-adjust: none; font-stretch: normal;">----- Original Message -----
<div style="background: rgb(228, 228, 228) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><b>From:</b> <a title="krishna.srikanth@tcs.com" href="mailto:krishna.srikanth@tcs.com" target="_blank">
Krishna
Srikanth</a> </div>
<div><b>To:</b> <a title="php-objects@yahoogroups.com" href="mailto:php-objects@yahoogroups.com" target="_blank">php-objects@yahoogroups.com</a> ; <a title="hyd-phpug@yahoogroups.com" href="mailto:hyd-phpug@yahoogroups.com" target="_blank">
hyd-phpug@yahoogroups.com</a> </div>
<div><b>Sent:</b> Thursday, December 06, 2007 6:17 AM</div>
<div><b>Subject:</b> [php-objects] PHP 5 vulnerabilities</div></div>
<div><br></div>
<div>
<div>
<div>
<p>Hi,<br><br>While surfing, I have found this link which said network
vulnerabilities <br>with PHP<5.2.5<br><br><a href="http://www.nessus.org/plugins/index.php?view=single&id=28181" target="_blank">http://www.nessus.org/plugins/index.php?view=single&id=28181</a><br><br>My
network administrator asked me to upgrade the PHP version on our <br>servers.
Thought to inform you too about this.<br><br>Regards,<br>Manda Krishna
Srikanth<br><a href="http://www.krishnasrikanth.com" target="_blank">http://www.krishnasrikanth.com</a><br>=====-----=====-----=====<br>Notice:
The information contained in this e-mail<br>message and/or attachments to it may
contain <br>confidential or privileged information. If you are <br>not the
intended recipient, any dissemination, use, <br>review, distribution, printing
or copying of the <br>information contained in this e-mail message <br>and/or
attachments to it are strictly prohibited. If <br>you have received this
communication in error, <br>please notify us by reply e-mail or telephone and
<br>immediately and permanently delete the message <br>and any attachments.
Thank you<br><br>[Non-text portions of this message have been
removed]<br><br></p></div>__._,_.___
<div><a href="http://groups.yahoo.com/group/php-objects/message/6303;_ylc=X3oDMTM0ODVjZmI3BF9TAzk3MzU5NzE0BGdycElkAzIwMzE1NjQEZ3Jwc3BJZAMxNzA1MDA2NzY0BG1zZ0lkAzYzMTUEc2VjA2Z0cgRzbGsDdnRwYwRzdGltZQMxMTk2OTQzNDU4BHRwY0lkAzYzMDM-" target="_blank">
Messages
in this topic </a>(0) <a href="http://groups.yahoo.com/group/php-objects/post;_ylc=X3oDMTJwMmpzOTMyBF9TAzk3MzU5NzE0BGdycElkAzIwMzE1NjQEZ3Jwc3BJZAMxNzA1MDA2NzY0BG1zZ0lkAzYzMTUEc2VjA2Z0cgRzbGsDcnBseQRzdGltZQMxMTk2OTQzNDU4?act=reply&messageNum=6315" target="_blank">
Reply (via web post) </a>| <a href="http://groups.yahoo.com/group/php-objects/post;_ylc=X3oDMTJldW9jbnA3BF9TAzk3MzU5NzE0BGdycElkAzIwMzE1NjQEZ3Jwc3BJZAMxNzA1MDA2NzY0BHNlYwNmdHIEc2xrA250cGMEc3RpbWUDMTE5Njk0MzQ1OA--" target="_blank">
Start
a new topic </a></div>
<div><a href="http://groups.yahoo.com/group/php-objects/messages;_ylc=X3oDMTJlMmtrM2FqBF9TAzk3MzU5NzE0BGdycElkAzIwMzE1NjQEZ3Jwc3BJZAMxNzA1MDA2NzY0BHNlYwNmdHIEc2xrA21zZ3MEc3RpbWUDMTE5Njk0MzQ1OA--" target="_blank">Messages
</a>
| <a href="http://groups.yahoo.com/group/php-objects/links;_ylc=X3oDMTJmdmI5MXVuBF9TAzk3MzU5NzE0BGdycElkAzIwMzE1NjQEZ3Jwc3BJZAMxNzA1MDA2NzY0BHNlYwNmdHIEc2xrA2xpbmtzBHN0aW1lAzExOTY5NDM0NTg-" target="_blank">Links</a>
</div>
<div>PHP Professionals
looking for PHP jobs<br><a href="http://www.phpclasses.org/professionals/" target="_blank">http://www.phpclasses.org/professionals/</a>
</div>
<div><a href="http://groups.yahoo.com/;_ylc=X3oDMTJkNHE5NXZrBF9TAzk3MzU5NzE0BGdycElkAzIwMzE1NjQEZ3Jwc3BJZAMxNzA1MDA2NzY0BHNlYwNmdHIEc2xrA2dmcARzdGltZQMxMTk2OTQzNDU4" target="_blank"><img alt="Yahoo! Groups" border="0" height="15" width="106">
</a> <br><a href="http://groups.yahoo.com/group/php-objects/join;_ylc=X3oDMTJmMDVlZjVuBF9TAzk3MzU5NzE0BGdycElkAzIwMzE1NjQEZ3Jwc3BJZAMxNzA1MDA2NzY0BHNlYwNmdHIEc2xrA3N0bmdzBHN0aW1lAzExOTY5NDM0NTg-" target="_blank">Change
settings via the Web</a> (Yahoo! ID required) <br>Change settings via email: <a href="mailto:php-objects-digest@yahoogroups.com?subject=Email+Delivery:+Digest" target="_blank">Switch
delivery to Daily Digest</a> | <a href="mailto:php-objects-traditional@yahoogroups.com?subject=Change+Delivery+Format:+Traditional" target="_blank">Switch
format to Traditional</a> <br><a href="http://groups.yahoo.com/group/php-objects;_ylc=X3oDMTJkbzYxN2pvBF9TAzk3MzU5NzE0BGdycElkAzIwMzE1NjQEZ3Jwc3BJZAMxNzA1MDA2NzY0BHNlYwNmdHIEc2xrA2hwZgRzdGltZQMxMTk2OTQzNDU4" target="_blank">
Visit
Your Group </a>| <a href="http://docs.yahoo.com/info/terms/" target="_blank">Yahoo! Groups Terms
of Use </a>| <a href="mailto:php-objects-unsubscribe@yahoogroups.com?subject=" target="_blank">Unsubscribe
</a></div></div>
<div>
<div>
<div>Recent Activity</div>
<ul>
<li>
<div> 23</div>
<div><a href="http://groups.yahoo.com/group/php-objects/members;_ylc=X3oDMTJmZjdja2x0BF9TAzk3MzU5NzE0BGdycElkAzIwMzE1NjQEZ3Jwc3BJZAMxNzA1MDA2NzY0BHNlYwN2dGwEc2xrA3ZtYnJzBHN0aW1lAzExOTY5NDM0NTg-" target="_blank">New
Members</a></div></li></ul><a href="http://groups.yahoo.com/group/php-objects;_ylc=X3oDMTJlN25lcmoxBF9TAzk3MzU5NzE0BGdycElkAzIwMzE1NjQEZ3Jwc3BJZAMxNzA1MDA2NzY0BHNlYwN2dGwEc2xrA3ZnaHAEc3RpbWUDMTE5Njk0MzQ1OA--" target="_blank">
Visit
Your Group </a></div>
<div>
<div>
<div>Yahoo! Finance</div>
<p><a href="http://us.ard.yahoo.com/SIG=12jo98p99/M=493064.10729649.11333340.8674578/D=groups/S=1705006764:NC/Y=YAHOO/EXP=1196950658/A=4507179/R=0/SIG=12de4rskk/*http://us.rd.yahoo.com/evt=50284/*http://finance.yahoo.com/personal-finance" target="_blank">
It's
Now Personal</a></p>
<p>Guides, news,</p>
<p>advice & more.</p></div>
<div>
<div>New web site?</div>
<p><a href="http://us.ard.yahoo.com/SIG=12jfesetk/M=493064.10729656.11333347.8674578/D=groups/S=1705006764:NC/Y=YAHOO/EXP=1196950658/A=3848642/R=0/SIG=131eshi2t/*http://searchmarketing.yahoo.com/arp/srchv2.php?o=US2004&cmp=Yahoo&ctv=Groups3&s=Y&s2=&s3=&b=50" target="_blank">
Drive
traffic now.</a></p>
<p>Get your business</p>
<p>on Yahoo! search.</p></div>
<div>
<div>Yahoo! Groups</div>
<p><a href="http://us.ard.yahoo.com/SIG=12kv59tjf/M=493064.11675218.12153349.11323196/D=groups/S=1705006764:NC/Y=YAHOO/EXP=1196950658/A=4840952/R=0/SIG=11n59vup4/*http://advision.webevents.yahoo.com/healthandfitness/" target="_blank">
Health
& Fitness</a></p>
<p>Find and share</p>
<p>weight loss tips.</p></div></div></div>
<div>.</div></div><img height="1" width="1"> <br>__,_._,___
</div>
<br>_______________________________________________<br>Cialug mailing list<br><a href="mailto:Cialug@cialug.org">Cialug@cialug.org</a><br><a href="http://cialug.org/mailman/listinfo/cialug" target="_blank">http://cialug.org/mailman/listinfo/cialug
</a><br><br></blockquote></div><br><br clear="all"><br>-- <br>Matthew Nuzum<br>newz2000 on freenode