Debian DSA-2465-1 : php5 - several vulnerabilities
High Nessus Plugin ID 59059
Synopsis: The remote Debian host is missing a security-related update.
Description: De Eindbazen discovered that PHP, when run with mod_cgi, will interpret a query string as command line parameters, allowing arbitrary code execution.
Additionally, this update fixes insufficient validation of the upload name, which led to corrupted $_FILES indices.
Solution: Upgrade the php5 packages.
For the stable distribution (squeeze), this problem has been fixed in version 5.3.3-7+squeeze9.