
Articles in the debian Category

debian, PHP »

[31 Jan 2012 | No Comment | 301 views]

There is an important Debian update for PHP today that fixes a number of vulnerabilities, including a regression and buffer overflows. The crypt_blowfish function also had a bug in which 8-bit characters were not handled properly, which could make passwords easier to crack. This is one of the larger security fixes for PHP in the past year, so you should update your PHP package immediately.

Package        : php5
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-1938 CVE-2011-2483 CVE-2011-4566 CVE-2011-4885 CVE-2012-0057

A regression was found in the fix for PHP’s XSLT transformations (CVE-2012-0057). Updated packages are now available to address this regression. …

debian »

[22 Jan 2012 | No Comment | 455 views]

There is a phpMyAdmin update today for Debian. It fixes an XSS bug in the table tracking feature and a vulnerability in the XML import plugin. Both the stable version of Debian (squeeze) and testing (wheezy) are affected.

Package        : phpmyadmin
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-1940 CVE-2011-3181 CVE-2011-4107
Debian Bug     : 656247

Several vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems:

 

CVE-2011-4107

The XML import plugin allowed a remote attacker to read arbitrary files via XML data containing external entity references.

CVE-2011-1940, CVE-2011-3181

Cross site scripting was possible in the table tracking …

debian »

[7 Dec 2011 | No Comment | 489 views]

If you are running on a server with limited disk space (e.g. a VPS), you might need to clear out the Debian apt cache manually with this command:
apt-get clean

Or, to remove only outdated package files and keep those for the current versions of your software:
apt-get autoclean

These commands clean up the files stored in:
/var/cache/apt/archives/

debian »

[6 Dec 2011 | No Comment | 656 views]

Debian Lenny reaches EOL in two months. Security support for Debian GNU/Linux 5.0 (code name “lenny”) will end 2/6/2012. If you are still using Lenny, you should run a distribution upgrade to Squeeze in the next 60 days.

The Debian project released Debian GNU/Linux 6.0 alias “squeeze” on the 6th of February 2011. Users and distributors have been given a one-year timeframe to upgrade their old installations to the current stable release. Hence, the security support for the old release of 5.0 is going to end on the 6th of February 2012 as …

debian, MySQL »

[28 Oct 2011 | One Comment | 1,452 views]

I completed an upgrade of Debian Lenny to Squeeze on a production database server over the weekend. It went quite well and I had zero downtime thanks to my secondary database servers running in-place. One of the biggest benefits to running Squeeze is that MySQL runs at version 5.1.49. Lenny only supports up to MySQL 5.0.

Row-based-replication is safer to replicate data to other servers since all changes are replicated. Prior to MySQL 5.1.14, updates to the mySQL database were not replicated. They were updated via statements (e.g. GRANT, REVOKE). This can potentially cause data-consistency between the master and …