9 May
2012
9 May
'12
5:08 p.m.
Hello,
On Wed, May 09, 2012 at 05:26:35PM +0100, Adam Spiers wrote:
I see a couple of scans in my logs from a few days
ago. Am I right in
thinking the only Debian fix available is in sid?
I haven't looked into it much as I don't run PHP in CGI mode
anywhere (FastCGI is OK), but it seems that this is the case.
http://security-tracker.debian.org/tracker/CVE-2012-1823
Note that there is a workaround described in
which blocks requests that have query strings that start with '-'.
Cheers,
Andy
--
http://bitfolk.com/ -- No-nonsense VPS hosting