Depending on your aim with your www-serv, check out suhosin.org. Some patches that harden PHP when used in multi-user envs.
Sent from my iPhone

On 28 Dec 2011, at 13:45, Dave Henley <[email protected]> wrote:

thanks....

Dave

> Date: Wed, 28 Dec 2011 15:31:53 +0200
> From: [email protected]
> To: [email protected]
> CC: [email protected]; [email protected]; [email protected]
> Subject: Re: Vulnerable PHP version according to nessus
>
> On Wed, Dec 28, 2011 at 12:53:13PM +0000, Dave Henley wrote:
> > Thanks, I checked the CVEs against the changelogs and approx. 50% is covered.
> > Is there a website of some sort to check what kind of CVEs have been patched?
> > If nessus does not provide a reliable report, what is the best next step to take here?
> > Are there any howtos or tutorials on how to secure a php installation on a debian system?
> > Any suggestions would be very helpful.
>
> Update all software in your www-server. Some useful links:
>
> http://security-tracker.debian.org/tracker/
> http://www.debian.org/doc/manuals/securing-debian-howto/
>
> - Henri Salo

