1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 3198-1] php5 security update

    From Moritz Muehlenhoff@1:229/2 to All on Fri Mar 20 18:40:03 2015
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-3198-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff
    March 20, 2015 http://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : php5
    CVE ID : CVE-2015-2301 CVE-2015-2331

    Multiple vulnerabilities have been discovered in the PHP language:

    CVE-2015-2301

    Use-after-free in the phar extension.

    CVE-2015-2331

    Emmanuel Law discovered an integer overflow in the processing
    of ZIP archives, resulting in denial of service or potentially
    the execution of arbitrary code.

    For the stable distribution (wheezy), these problems have been fixed in
    version 5.4.39-0+deb7u1. This update also fixes a regression in the
    curl support introduced in DSA 3195.

    For the unstable distribution (sid), these problems will be fixed soon.

    We recommend that you upgrade your php5 packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1

    iQIcBAEBAgAGBQJVDFjtAAoJEBDCk7bDfE42QWUP/AwLl9c70jCgYqGBTYSHf6qV 1/oFMLL2wX3luvlbU4u8/WIJMBz5JEVoIZiJlFI4JM8NW4jzRV6K7mMCFqeB16zY VLIPjujtcGMQg7xgG1mC5Z08Fe65Er9M7ZUKtGW6znjybYVmLiXDYEnjnTgLfLVM tdKhPdOCRY6srWhejy6bGRQ2mO46YeDm8eyAQA5csC1Vv+Q4GLSi66qYO7EXmo4x zpiFQWDgn1WTajGNEYPsrzof+qZoLRtpA7UxCXiZzBH25q7a/G0wrTw52J0+3HDZ hezWRm6a8VrMJEDeWekZnp9BZLCVhxeN2mANhvWQhiKbZFr8mAxoMWz/Xj4nLATL VYZxUrMIY7NWXgrNAzk4FOX7WpwqMZdCeFkyw8h+NzkGuuKjVsfa1CoE3EQW4LQr eLjZRza7qYFU13xP4t3GU4hPqWiSOC/Rz7Za6SXfMfDwjCOcVB7knH12kskiGqte n9KZV9Q0g972eDLNDRVyvB5eUW6LkbrovP0xdtySuGdmLN7sJNA1s5kLZSARq/OP ew+KmPwIGbwaIf6gr0k4rIEWL1C75kBRz24R0QG1LJE4yJ9a370D6vTdR7yUKwye ZKP1oQmjJ5c/mN2aeZo1SxLeYra5xBud9LxM1hkATQ3gd6Ngrj26YN9qdlstghBj 6sLuKDh4rOYYp0vzyK0V
    =ucpL
    -----END PGP SIGNATURE-----


    --
    To UNSUBSCRIBE, email to [email protected]
    with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)