From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-4080-1
[email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 08, 2018
https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : php7.0
CVE ID : CVE-2017-11144 CVE-2017-11145 CVE-2017-11628
CVE-2017-12932 CVE-2017-12933 CVE-2017-12934
CVE-2017-16642
Several vulnerabilities were found in PHP, a widely-used open source
general purpose scripting language:
CVE-2017-11144
Denial of service in openssl extension due to incorrect return value
check of OpenSSL sealing function
CVE-2017-11145
Out-of-bounds read in wddx_deserialize()
CVE-2017-11628
Buffer overflow in PHP INI parsing API
CVE-2017-12932 / CVE-2017-12934
Use-after-frees during unserialisation
CVE-2017-12933
Buffer overread in finish_nested_data()
CVE-2017-16642
Out-of-bounds read in timelib_meridian()
For the stable distribution (stretch), these problems have been fixed in version 7.0.27-0+deb9u1.
We recommend that you upgrade your php7.0 packages.
For the detailed security status of php7.0 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/php7.0
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at:
https://www.debian.org/security/
Mailing list:
[email protected]
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlpT7hUACgkQEMKTtsN8 TjZWCRAAg8ilmfTDQOwCCwXF2nwOk9Ev6G7hZkHzrAO3w9b7E9ygSjUCEIh+7Jqh zJ4AcZuAH/fzGcr84mMboeAL6decXXM5g4Pi0jWuTBXHJCaW3rfgh0RZdJIacz3V p7niE81skjOZQJsIsrthHtYBB5jhi4jJmLrxowEOcFyNYfkEPjJ3GsHaRMJy8kdZ 3idASsC3gisnBhSiCGZdFV6JzNOrErMJ5XPSzN7BNsiSny7TrwyGQCFsxP92Bq7F 7Wc+L9YZnJeaiNkpHK4ur9nbL4Jr8irtMYSERXoZwKX2eYaRK37gR6sjUfdCWssT tASVTWlVvClGwp0cqkV2C5hcFeVKC1bASxCqROPWPFZ6+pl4ai8KOli6fyA18f0L kskALnZSsB+XZbxzXrN/FKRfsUJIARwebrMMcTQxvlaFsnUxf73jz0sQ/WYrzIeV PXICiTwg6L2kiGyFdgOardcEMzl/50V64/vAtsHlAladzLQN00dDYrkUqjhI3ZEq 2nA2GnBoLC/8OJSU+CRSvNOfSW2UoxEr2GBvh5xtlyCEeeo3ytgOZrtyNE9AGwgq MDkK9EXEXuMtb7mFcf4uRVPam+4kUESKH3aD1L9ObTlfweMKp7iJeWBuMsmgulOT NKWKPVmXkEgh/tRTtqjMEF7LIvXWe3qZAo2HVUBPOFTFijTn4cw=
=xo2P
-----END PGP SIGNATURE-----
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)