Debian DSA-2527-1 : php5 - several vulnerabilities
Critical Nessus Plugin ID 61520
The remote Debian host is missing a security-related update.
Several vulnerabilities have been discovered in PHP, the web scripting language. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2012-2688 A buffer overflow in the scandir() function could lead to denial of service or the execution of arbitrary code. - CVE-2012-3450 It was discovered that inconsistent parsing of PDO prepared statements could lead to denial of service.
Upgrade the php5 packages. For the stable distribution (squeeze), this problem has been fixed in version 5.3.3-7+squeeze14.