If you are responsible for a Debian or Ubuntu server and run PHP on it, make sure to run the following command to fix several security issues found in PHP:
sudo apt-get install php5-suhosin
This will make the necessary and your PHP version (security wise) will look like you have PHP 5.3.3.
What I found quite annoying in regard to this issue is the fact that it was very difficult to find a mention of this upgrade. All I could find in large number were people saying that you'd have to get an upgrade using the source code of PHP. Somehow, I did not feel like upgrading PHP from source! (Especially on the server which would require having the full development system available right on that server.)
Security Issue:
HTTPS (TCP/443)
Vulnerable PHP version: 5.3.2
CVE-2010-1868, CVE-2010-2094, CVE-2010-2225, CVE-2010-2484, CVE-2010-2531
Usual solution:
PHP should be upgraded to 5.2.14 or higher for 5.2.x, to a version higher than 5.3.3 for 5.3.x when available, and to a version higher than 6.0 dev for 6.0.x when available.
Hope this helps a few people go the easy route!
Comments
What to do
Cookies
Cookies, by themselves, are always safe. However, if you use a computer that isn't yours, make sure to always Log Out of any place you log into (i.e. if you check your mailbox at a cyber cafe.)
The problem that people do not like in regard to cookies is that it allows companies to track you movements. That allows them to better target sales to you. At least, supposedly. Frankly, I looked into it and it doesn't work as well as people think it would. Plus, if you cannot resist clicking on ads, you've got a problem that's way beyond cookies.