How can I tell if my PHP is vulnerable to CVE-2011-3268?
2.6.32-358.23.2.el6.i686
CentOS 6.4 x64
PHP 5.3.3
httpd.i686 2.2.15-29.el6.centos

I have run yum update several times - I am 100% up to date as far as the standard repos are concerned.

I am aware that CentOS / RHEL releases backport security fixes for software packages - such as Apache and PHP. I am also aware that the nature of these backport fixes does not necessarily increment the PHP and Apache reported versions. That's perfectly understandable.

But there is a particular vulnerability that a PCI scan has identified on my web server: CVE-2011-3268

I know that PHP itself has addressed and patched this vulnerability. I need help determining the following three items:

1. How can I search CentOS / RHEL resources and discover when and what version of PHP or Apache was patched from vulnerability CVE-2011-xxxx?

2. Is it true, as suggested here: https://bugzilla.redhat.com/show_bug.cgi?id=733744 - that CVE-2011-3268 DOES NOT EXIST in the versions of PHP that exist in the repositories of RHEL 4, 5, or 6? I'm not sure I'm reading that correctly.

3. I looked in my own change log (i.e. rpm -q --changelog php) and see no mention of CVE-2011-3268. Does this mean it isn't patched, or does it mean the vulnerability does not exist?

Thank you very kindly.

-neodaemon
|
|
Understood. Thank you very much for the reply unSpawn.
|
You're welcome.
|