1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 3195-1] php5 security update

    From Moritz Muehlenhoff@1:229/2 to All on Wed Mar 18 13:00:02 2015
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-3195-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff
    March 18, 2015 http://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : php5
    CVE ID : CVE-2014-9705 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273
    CVE-2015-2305

    Multiple vulnerabilities have been discovered in the PHP language:

    CVE-2015-2305

    Guido Vranken discovered a heap overflow in the ereg extension
    (only applicable to 32 bit systems).

    CVE-2014-9705

    Buffer overflow in the enchant extension.

    CVE-2015-0231

    Stefan Esser discovered a use-after-free in the unserialisation
    of objects.

    CVE-2015-0232

    Alex Eubanks discovered incorrect memory management in the exif
    extension.

    CVE-2015-0273

    Use-after-free in the unserialisation of DateTimeZone.

    For the stable distribution (wheezy), these problems have been fixed in
    version 5.4.38-0+deb7u1.

    For the upcoming stable distribution (jessie), these problems have been
    fixed in version 5.6.6+dfsg-2.

    For the unstable distribution (sid), these problems have been fixed in
    version 5.6.6+dfsg-2.

    We recommend that you upgrade your php5 packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1

    iQIcBAEBAgAGBQJVCWe4AAoJEBDCk7bDfE4249UP/jlinAvm/+JfHoVuW/t/ymdX uh0E6W+arGNh3To1qZk/LtijFjoWgw/GUIcWbwx6JASZPrufHKARyg+PuQkv6K4c s13O+929CD2/j0QD4qZpi+fUJl2mSZW4SSmlc7ZO8XKUf6648SJZQKnE50HyEhkI /EM57Z920B+8LB01BQf5glWpZaJb730OyVgB3kzga17A7ew+Rn1vXSRSdxrPHz7t rthR0alQ0MD+VpxvUIBtHUSIDNWr0YZkul7pf5T7U6LXaZKv4SEGmg0wkAu4CxBi ugnBpma6Y5DsNB3qsaeelxH9bRZ9yuL5R7ocTZCq7jseOCwVz8jXkvWwFUZQUB/g dBGZF17qhlEOV3RZ5G0VA0sO87rv9TNtFKV7BXT10ktjMMbBeyK8Abf4Gxuv4NyJ tSaf3+y7ZMgC2/D/IghDZlWLKsTPWEitPnFY3IMVGI34RJIK58Y6kRF1gp95kGpz Yu6TSkO+rJpvKwGCaJMVJ+BlR4beeptRWCIGyDK77FC4L5AYroB0iBKE+KscesHn OFtBLbNTNZ0LhAKmUL62AptY76LB5MxPPpUPC1VcMPZNPt7YFm8QOz/3tvikf3GT pq+DzelS3xSzZ3hDWq8ZVGy2jdS4kpuQ/8YXKJ+G82GDHnHf1uLCcbtuHIfp32b0 +3iVdyFOEiUQFzsBBbi0
    =HSFm
    -----END PGP SIGNATURE-----


    --
    To UNSUBSCRIBE, email to [email protected]
    with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)