1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 4240-1] php7.0 security update

    From Moritz Muehlenhoff@1:229/2 to All on Thu Jul 5 22:40:02 2018
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-4240-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff
    July 05, 2018 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : php7.0
    CVE ID : CVE-2018-7584 CVE-2018-10545 CVE-2018-10546
    CVE-2018-10547 CVE-2018-10548 CVE-2018-10549

    Several vulnerabilities were found in PHP, a widely-used open source
    general purpose scripting language:

    CVE-2018-7584

    Buffer underread in parsing HTTP responses

    CVE-2018-10545

    Dumpable FPM child processes allowed the bypass of opcache access
    controls

    CVE-2018-10546

    Denial of service via infinite loop in convert.iconv stream filter

    CVE-2018-10547

    The fix for CVE-2018-5712 (shipped in DSA 4080) was incomplete

    CVE-2018-10548

    Denial of service via malformed LDAP server responses

    CVE-2018-10549

    Out-of-bounds read when parsing malformed JPEG files

    For the stable distribution (stretch), these problems have been fixed in version 7.0.30-0+deb9u1.

    We recommend that you upgrade your php7.0 packages.

    For the detailed security status of php7.0 please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/php7.0

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAls+gHsACgkQEMKTtsN8 TjZQ9g/+OI9kfKCZx/vFJ+dBmP3TGdvFTg81BQo5qNcF7GabJgGPLJ7q7q/Lo8oh HBIrudLIDXjRI2SyB0F7gkUld2uCzokxRmMG0FvLFVpLpEEvBaqPzK7f9FuD6s1t ZcoWbNQ7JuBFxnaf8AxOz/qvwgs7RGoO9W4kcjZN3Chs1VKDPatchC2PO1ua5YHa eX4mpBhpiqYONwrb6eGuSUbJSeJCKSoe3WMYZXPRNPLRktmvDRqR/7BSoYQt/2dj dVN2+a/0NSw1qE0SdsMwOCK5y9CQ2NgmjqyQzRSrpONe1uwL+It+W6KNkc0fZpKB 0etoddlo6gWc+5lQYNkQoyW5mZhlLwNImxG+BC6z4pLA+4yrQVW3Zm0xqPAqo0ci PIn/voBeWWzqjdj8ew9fJLewocwchXMYxu/ZWRMOeNE7AkxdutI4Cry4kaUKRgQ8 4EtW+cqjr7pqZ+5eTQY9kpAB9ddQGRcxet3cST2l/og3nxoj9hAn6zH6u8RW7NSD OSzF18vDN/X45ECX3+/T6eAwW6ntmV/H+dcMVaZM1vw7UyMElCiQ4j8nKwZ7h9SB DROSUaaspN7SvfXhZKnZ7Ly5qwYbUwN4KbCrf2PhkBgZq8bmtjUxVkRvxlOykm+5 JrwEG1QQ97kmzEiomrhRwP0Ftg9QUAmPrXRNJuibilsI1RG/2gc=
    =8Kva
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)