1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 4081-1] php5 security update

    From Moritz Muehlenhoff@1:229/2 to All on Mon Jan 8 23:40:02 2018
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-4081-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 08, 2018 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : php5
    CVE ID : CVE-2017-11142 CVE-2017-11143 CVE-2017-11144
    CVE-2017-11145 CVE-2017-11628 CVE-2017-12933
    CVE-2017-16642

    Several vulnerabilities were found in PHP, a widely-used open source
    general purpose scripting language:

    CVE-2017-11142

    Denial of service via overly long form variables

    CVE-2017-11143

    Invalid free() in wddx_deserialize()

    CVE-2017-11144

    Denial of service in openssl extension due to incorrect return value
    check of OpenSSL sealing function.

    CVE-2017-11145

    Out-of-bounds read in wddx_deserialize()

    CVE-2017-11628

    Buffer overflow in PHP INI parsing API

    CVE-2017-12933

    Buffer overread in finish_nested_data()

    CVE-2017-16642

    Out-of-bounds read in timelib_meridian()

    For the oldstable distribution (jessie), these problems have been fixed
    in version 5.6.33+dfsg-0+deb8u1.

    We recommend that you upgrade your php5 packages.

    For the detailed security status of php5 please refer to
    its security tracker page at:
    https://security-tracker.debian.org/tracker/php5

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlpT7h0ACgkQEMKTtsN8 TjZXmg//ckIev7tKnujmMNnfFQDzK4Tjrxe2gdJUrBa5NUvWO2kMdnyt1TiYgXpL P0VFzOax1tdRkpK7jPZ3BSziZ6Fvz1fcQm0AqxAyykN9mDRqn23unSmfkP1qL1NX Z1CJ2kjbRueUMYhgOk2rtLh4ylYMyarINHHxHCzoHYRAPjBUcAD1obauQQc+sdw+ ipDZc7qUI3nY82wxTFmYiBhy7fq7YuXddEK1F2Nu0ziVR7ehnmod1l/xwpBx70HN R1ckbEzgp9ezew4q30q3s7XLpGlOQaprR/5292agXwLTkTZjmIssKAA61VLb+Yx/ ogrwq1EqLVHxz05o7zj63beo+YMXeRURmwjGVpqgAqH7ozIGJvuKpGoDTRfOZ/RX Lhwy2gUboc0eju1MXOqv0xMDa75m/4F3gvjj356dcNNDbfmyy/dizuO7XdcMdFDR tRX7l8eFsazYVUw2kSUQx/kEg2DnkIVre+hGKef1OL9ABygFsk2qUplFM/He7Wfm MPmNlt86H1iNCKdVJOtCYDpkwZvAf/oaV8YIgCkWGyoS7T4qcnqc0W8mm7twJqPM Six9k19Gk/sOrG/QLAsNd/YI+XxdL9BjfKU5XXPrA2sIo7mypE+aedkjM78ZR1Bj x4rl6s+C2LwBczw/EN62gTjiltBRykc2aOHNCnbHhA75pojm4jQ=
    =rHKK
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)