A few days ago, Stefan Esser discovered a buffer overflow in the “transparent cookie encryption stack” of the Suhosin extension. Here is the full advisory.
If you previously installed the php5-suhosin package, you should upgrade to its fixed new version (0.9.33) by running :
apt-get update apt-get install --reinstall php5-suhosin
A few days ago, Percona has released a major version of their Percona toolkit (formerly named Maatkit), bringing a lot of improvements, especially on pt-table-checksum. Baron Schwartz wrote a post about it.
Percona toolkit 2.0.2 is now available on Dotdeb for :
Redis 2.4.6 has been released with these changes :
On january 10th 2012, the PHP group has released PHP 5.3.9, that brings over 90 bug fixes, some of which are security related :
Security Enhancements and Fixes in PHP 5.3.9:
- Added max_input_vars directive to prevent attacks based on hash collisions. (CVE-2011-4885)
- Fixed bug #60150 (Integer overflow during the parsing of invalid exif header). (CVE-2011-4566)
Key enhancements in PHP 5.3.9 include:
- Fixed bug #55475 (is_a() triggers autoloader, new optional 3rd argument to is_a and is_subclass_of).
- Fixed bug #55609 (mysqlnd cannot be built shared)
- Many changes to the FPM SAPI module
PHP 5.3.9 is now available on Dotdeb for :
As usual, please read the ChangeLog before upgrading and be sure to use to the latest packages before reporting any issue.
[edit] the packages have been updated to fix some Suhosin- and strtotime()-related issues. You really should upgrade at least :