If you're a user of Ubuntu 11.04 (Natty Narwhal) and are needing to get a full LAMP stack up and running, you're in luck. Omar Abdallah has put together a guide to help with just that.

I wont cover what's new in php 5.3 since it would be another article, however it contains alot of improvements including PHP Namespaces, Late Static Bindings, lambda functions, closures...etc. I would strongly recommend using it. I'll be explaining how to install LAMP stack with PHP 5.3.6 without compiling. It's fairly easy using the dotdeb repository.

He steps you through adding the dotdeb package locations to your plist file and pulling down the GPG key for the connection. The rest is a simple "aptitude install" command away, pulling in the apache2, mysql, php5, mcrypt, curl, gd and phpmyadmin packages.

The Hardened PHP Project has released another vulnerability today for the Dotdeb PHP package repository software. The exploit allows for an email header injection.

It was discovered that the Dotdeb PHP packages are patched with a mail() protection patch that was originally created by Steve Bennett and is nowadays developed at choon.net. This patch adds an X-PHP-Script header to outgoing mails that contains the name of the server, the script and the calling IP.

An example of an attack via this issue would be injecting Bcc: headers into emails with sensitive information, copying them to themselves. The latest version of the package can be downloaded from their site. It is suggested that versions less than 5.2.0 Rev 3 upgrade immediately.

The Hardened PHP Project has released another vulnerability today for the Dotdeb PHP package repository software. The exploit allows for an email header injection.

It was discovered that the Dotdeb PHP packages are patched with a mail() protection patch that was originally created by Steve Bennett and is nowadays developed at choon.net. This patch adds an X-PHP-Script header to outgoing mails that contains the name of the server, the script and the calling IP.

An example of an attack via this issue would be injecting Bcc: headers into emails with sensitive information, copying them to themselves. The latest version of the package can be downloaded from their site. It is suggested that versions less than 5.2.0 Rev 3 upgrade immediately.