Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 3198-1] php5 security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 3198-1] php5 security update


Chronologisch Thread 
  • From: Moritz Muehlenhoff <jmm AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 3198-1] php5 security update
  • Date: Fri, 20 Mar 2015 18:31:08 +0100
  • List-archive: <https://service.piratenpartei.de/pipermail/it-securitynotifies>
  • List-id: Sicherheitsankündigungen <it-securitynotifies.lists.piratenpartei.de>
  • Old-return-path: <jmm AT inutil.org>
  • Priority: urgent
  • Resent-date: Fri, 20 Mar 2015 17:31:27 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <RC9sgYiufoB.A.5CD.vlFDVB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3198-1 security AT debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
March 20, 2015 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : php5
CVE ID : CVE-2015-2301 CVE-2015-2331

Multiple vulnerabilities have been discovered in the PHP language:

CVE-2015-2301

Use-after-free in the phar extension.

CVE-2015-2331

Emmanuel Law discovered an integer overflow in the processing
of ZIP archives, resulting in denial of service or potentially
the execution of arbitrary code.

For the stable distribution (wheezy), these problems have been fixed in
version 5.4.39-0+deb7u1. This update also fixes a regression in the
curl support introduced in DSA 3195.

For the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your php5 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJVDFjtAAoJEBDCk7bDfE42QWUP/AwLl9c70jCgYqGBTYSHf6qV
1/oFMLL2wX3luvlbU4u8/WIJMBz5JEVoIZiJlFI4JM8NW4jzRV6K7mMCFqeB16zY
VLIPjujtcGMQg7xgG1mC5Z08Fe65Er9M7ZUKtGW6znjybYVmLiXDYEnjnTgLfLVM
tdKhPdOCRY6srWhejy6bGRQ2mO46YeDm8eyAQA5csC1Vv+Q4GLSi66qYO7EXmo4x
zpiFQWDgn1WTajGNEYPsrzof+qZoLRtpA7UxCXiZzBH25q7a/G0wrTw52J0+3HDZ
hezWRm6a8VrMJEDeWekZnp9BZLCVhxeN2mANhvWQhiKbZFr8mAxoMWz/Xj4nLATL
VYZxUrMIY7NWXgrNAzk4FOX7WpwqMZdCeFkyw8h+NzkGuuKjVsfa1CoE3EQW4LQr
eLjZRza7qYFU13xP4t3GU4hPqWiSOC/Rz7Za6SXfMfDwjCOcVB7knH12kskiGqte
n9KZV9Q0g972eDLNDRVyvB5eUW6LkbrovP0xdtySuGdmLN7sJNA1s5kLZSARq/OP
ew+KmPwIGbwaIf6gr0k4rIEWL1C75kBRz24R0QG1LJE4yJ9a370D6vTdR7yUKwye
ZKP1oQmjJ5c/mN2aeZo1SxLeYra5xBud9LxM1hkATQ3gd6Ngrj26YN9qdlstghBj
6sLuKDh4rOYYp0vzyK0V
=ucpL
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to debian-security-announce-REQUEST AT lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster AT lists.debian.org
Archive: https://lists.debian.org/20150320173107.GA17506 AT pisco.westfalen.local




  • [IT-SecNots] [SECURITY] [DSA 3198-1] php5 security update, Moritz Muehlenhoff, 20.03.2015

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang