Hi, I have the following Errors
=================== Dec 27 05:20:06 primary suhosin[15840]: ALERT - canary mismatch on efree() - heap overflow detected at 0x7f77bd4e7618 (attacker 'REMOTE_ADDR not set', file '/var/www/gopher/app/wo/Services/gopher/database/database.php', line 42) Dec 27 05:20:06 primary suhosin[15823]: ALERT - canary mismatch on efree() - heap overflow detected at 0x7f77bd4e7618 (attacker 'REMOTE_ADDR not set', file '/var/www/gopher/app/wo/Services/gopher/database/database.php', line 42) Dec 27 05:30:17 primary shutdown[17338]: shutting down for system reboot Dec 30 04:33:00 primary suhosin[22322]: ALERT - ASCII-NUL chars not allowed within request variables - dropped variable 'g' (attacker '91.98.99.162', file '/var/www/gopher/web/index.php') Dec 31 16:03:24 primary suhosin[32496]: ALERT - ASCII-NUL chars not allowed within request variables - dropped variable 'app' (attacker '72.167.203.208', file '/var/www/gopher/web/index.php') Dec 31 16:03:24 primary suhosin[1899]: ALERT - ASCII-NUL chars not allowed within request variables - dropped variable 'app' (attacker '72.167.203.208', file '/var/www/gopher/web/index.php' =================== in my /var/log/user.log Searching h internet brings me to this detailed explanation http://www.suspekt.org/2008/10/12/suhosin-canary-mismatch-on-efree-heap-overflow-detected/ My System details are ============= Linux primary 2.6.32-5-amd64 #1 SMP Fri Dec 10 15:35:08 UTC 2010 x86_64 GNU/Linux u...@primary:/var/log$ dpkg -l |grep php ii libapache2-mod-php5 5.3.3-6 server-side, HTML-embedded scripting language (Apache 2 module) ii php-fpdf 3:1.6.dfsg-1 PHP class to generate PDF files ii php-pear 5.3.3-6 PEAR - PHP Extension and Application Repository ii php5 5.3.3-6 server-side, HTML-embedded scripting language (metapackage) ii php5-cli 5.3.3-6 command-line interpreter for the php5 scripting language ii php5-common 5.3.3-6 Common files for packages built from the php5 source ii php5-curl 5.3.3-6 CURL module for php5 ii php5-dev 5.3.3-6 Files for PHP5 module development ii php5-gd 5.3.3-6 GD module for php5 ii php5-mcrypt 5.3.3-6 MCrypt module for php5 ii php5-mysql 5.3.3-6 MySQL module for php5 ii php5-suhosin 0.9.32.1-1 advanced protection module for php5 ========================= my concerns are 1) Are others getting similar errors? 2) What are the security concerns of using this PHP Stack on Squeeze. 3) What can I do to fix this? Also what is actually logged in /var/log/user.log ? Thanks :-) --Siju -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/aanlktinbcyam+o4gvkzr0my_km487byqwuglkqa9k...@mail.gmail.com
