• [SECURITY] [DSA 2961-1] php5 security update

    From Salvatore Bonaccorso@1:229/2 to All on Mon Jun 16 21:40:03 2014
    From: [email protected]


    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-2961-1                   [email protected]
    http://www.debian.org/security/                      Salvatore Bonaccorso
    June 16, 2014                          http://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : php5
    CVE ID : CVE-2014-4049
    Debian Bug : 751364

    It was discovered that PHP, a general-purpose scripting language
    commonly used for web application development, is vulnerable to a
    heap-based buffer overflow in the DNS TXT record parsing. A malicious
    server or man-in-the-middle attacker could possibly use this flaw to
    execute arbitrary code as the PHP interpreter if a PHP application uses
    dns_get_record() to perform a DNS query.

    For the stable distribution (wheezy), this problem has been fixed in
    version 5.4.4-14+deb7u11.

    For the testing distribution (jessie), this problem has been fixed in
    version 5.6.0~beta4+dfsg-3.

    For the unstable distribution (sid), this problem has been fixed in
    version 5.6.0~beta4+dfsg-3.

    We recommend that you upgrade your php5 packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: http://www.debian.org/security/

    Mailing list: [email protected]

