[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Gnewsense-dev] php-cgi worm vulnerability
From: |
Sam Geeraerts |
Subject: |
Re: [Gnewsense-dev] php-cgi worm vulnerability |
Date: |
Tue, 3 Dec 2013 17:34:42 +0100 |
Op Tue, 3 Dec 2013 08:54:20 -0500
schreef dww <address@hidden>:
> Here is a link to an article about the Linux.Darlloz worm in which
> they said the vulnerability was fixed in May, 2012.
>
> http://www.gmanetwork.com/news/story/337833/scitech/technology/beware-of-new-worm-targeting-linux-pcs-symantec
>
> In the gnewsense distro we have php5-cgi 5.3.3-7
> +squeeze16(stable-security).
>
> I looked at the Debian changelog:
>
> http://ftp-master.metadata.debian.org/changelogs//main/p/php5/php5_5.3.3-7+squeeze17_changelog
>
> I could not tell which change fixed it, is it the 8 May 2012 fix?
CVE-2012-1823 [1] was indeed fixed on 2012-05-08.
[1] http://www.securityfocus.com/bid/53388