Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 3117-1] php5 security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 3117-1] php5 security update


Chronologisch Thread 
    < Chronologisch >      < Thread >
  • From: Salvatore Bonaccorso <carnil AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 3117-1] php5 security update
  • Date: Wed, 31 Dec 2014 14:47:01 +0000
  • List-archive: <https://service.piratenpartei.de/pipermail/it-securitynotifies>
  • List-id: Sicherheitsankündigungen <it-securitynotifies.lists.piratenpartei.de>
  • Old-return-path: <carnil AT master.debian.org>
  • Priority: urgent
  • Resent-date: Wed, 31 Dec 2014 14:47:24 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <1yrGOLLSyrG.A.P_.7xApUB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3117-1 security AT debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
December 31, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : php5
CVE ID : CVE-2014-8142

Several vulnerabilities were found in PHP, a general-purpose scripting
language commonly used for web application development.

As announced in DSA 3064-1 it has been decided to follow the stable
5.4.x releases for the Wheezy php5 packages. Consequently the
vulnerabilities are addressed by upgrading PHP to a new upstream version
5.4.36, which includes additional bug fixes, new features and possibly
incompatible changes. Please refer to the upstream changelog for more
information:

http://php.net/ChangeLog-5.php#5.4.36

Two additional patches were applied on top of the imported new upstream
version. An out-of-bounds read flaw was fixed which could lead php5-cgi
to crash. Moreover a bug with php5-pgsql in combination with PostgreSQL
9.1 was fixed (Debian Bug #773182).

For the stable distribution (wheezy), these problems have been fixed in
version 5.4.36-0+deb7u1.

We recommend that you upgrade your php5 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJUpAw8AAoJEAVMuPMTQ89EyLcQAI/Hwcf8nmK0dxuGNpN33Vhx
knelAzGeQW/kzmNPCTQAu4R7ncSB/S/oXaSvRayK6dIdf53oJop6819IEUhqh4AB
MNEu3oqMdTiE7w6uAZnRahKEEN/GZ4rm4Vppt8ByvtxR36y9u0AOBQgVZB0zQV/1
p8ewLenSx4SoRVVP630Jc1CUj8AwcgvYUOoLXNmuu5U3PvEPXAVT83i3BHD02Vh9
IyBD9JvRmvX13CaAFC19UuGzzVw7BRrTMQh3E6zoze+dKxadW8N/opr0tBZagqNy
0Lhv7GeldcQBze3O1ZiQvKvXGiDgzJtl4bYy6LMe2nShCXuSkWLOF1UiVbPqHh2N
NRhptHPPFb3nETRdQhIW7ZyLLFMR1ZKhwc4YUNuy/f8SFRddynE1QtVENxDtRmzy
6piuVYNl9fvgolGH3I33hK6O7lRhuXxggIgTEJCSkj3GVc+D6UuUx3njTK5Qac7Y
MT3TTMGuKJYpylCveT372mBkRdvMUVT7yDC3I0PMcWCkZDOUxb8XM6WqkHHa1hWV
rLD76rLBQNxVXaDRmX5/R5d4uzTy17Uio1PYaIr534+LF4HHWiINZVulEbJzN+JY
XUWb9kxZKIcI/Af2xzDhDfXAaAiRZjfSrQ+xczu5aj/1w+9xAIx1eChx2yM0J3GA
GrmtFP6vEovwwGUziHlF
=bK9J
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to debian-security-announce-REQUEST AT lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster AT lists.debian.org
Archive: E1Y6KY9-00062n-MM AT master.debian.org">https://lists.debian.org/E1Y6KY9-00062n-MM AT master.debian.org



  • [IT-SecNots] [SECURITY] [DSA 3117-1] php5 security update, Salvatore Bonaccorso, 31.12.2014

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang