All my Ubuntu boxes (that I can currently access, that is) have back-port fixes, so all good. Thanks for the heads up Al.<div><br clear="all">Kind regards<br><br>Murray Crane<br><br>
<br><br><div class="gmail_quote">On 9 May 2012 16:35, Alan Pope <span dir="ltr">&lt;<a href="mailto:alan@popey.com" target="_blank">alan@popey.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="im">On 9 May 2012 07:56, Murray Crane &lt;<a href="mailto:murray.crane@gmail.com">murray.crane@gmail.com</a>&gt; wrote:<br>
&gt; I&#39;m running latest WP on Ubuntu LTS (10.04) using PHP5-CGI and lighttpd. I<br>
&gt; know full well that my PHP5 will be vulnerable (v5.3.2, damn you Ubuntu;<br>
&gt; CATCH UP FOR F**KS SAKE!!!), but I don&#39;t know how to go about securing it in<br>
&gt; lighty (if I even need to). I do know that if I point a browser at<br>
&gt; &quot;index.php?-s&quot;, I get the front page of my blog back (as if I had left the<br>
&gt; &quot;?-s&quot; off) and not anything that would scream &quot;VULNERABLE!!!&quot; at me.<br>
&gt;<br>
<br>
</div>You sure about Ubuntu not putting an update out?<br>
<br>
<a href="https://launchpad.net/ubuntu/+source/php5/5.3.2-1ubuntu4.15" target="_blank">https://launchpad.net/ubuntu/+source/php5/5.3.2-1ubuntu4.15</a>  suggests otherwise.<br>
<br>
Announce went out some days back, and the new packages were already available.<br>
<br>
<a href="https://lists.ubuntu.com/archives/ubuntu-security-announce/2012-May/001678.html" target="_blank">https://lists.ubuntu.com/archives/ubuntu-security-announce/2012-May/001678.html</a><br>
<br>
Al.<br>
</blockquote></div><br></div>