Hi,
Zend Server 5.6.0 uses PHP 5.3.14 - which has a number of known vulnerabilities, e.g.:
PHP 'phar_parse_tarfile' Integer Overflow Vulnerability - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2386
PHP '_php_stream_scandir' Overflow Vulnerability - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2688
PHP 'com_print_typeinfo' Buffer Overflow Vulnerability - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2376
PHP 'php-cgi' Information Disclosure Vulnerability - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2336
PHP 'php-wrapper.fcgi' Information Disclosure Vulnerability - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2335
PHP 'php-cgi' Command Line Argument Injection Vulnerability - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2311
I cannot find anywhere identifying whether or not these vulnerabilities have been addressed in Zend Server.
Can anyone explain how Zend makes Zend Server customers aware of which security issues have been addressed?
Thanks