Search This Blog

Wednesday, December 31, 2014

[SECURITY] [DSA 3117-1] php5 security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3117-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
December 31, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : php5
CVE ID : CVE-2014-8142

Several vulnerabilities were found in PHP, a general-purpose scripting
language commonly used for web application development.

As announced in DSA 3064-1 it has been decided to follow the stable
5.4.x releases for the Wheezy php5 packages. Consequently the
vulnerabilities are addressed by upgrading PHP to a new upstream version
5.4.36, which includes additional bug fixes, new features and possibly
incompatible changes. Please refer to the upstream changelog for more
information:

http://php.net/ChangeLog-5.php#5.4.36

Two additional patches were applied on top of the imported new upstream
version. An out-of-bounds read flaw was fixed which could lead php5-cgi
to crash. Moreover a bug with php5-pgsql in combination with PostgreSQL
9.1 was fixed (Debian Bug #773182).

For the stable distribution (wheezy), these problems have been fixed in
version 5.4.36-0+deb7u1.

We recommend that you upgrade your php5 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJUpAw8AAoJEAVMuPMTQ89EyLcQAI/Hwcf8nmK0dxuGNpN33Vhx
knelAzGeQW/kzmNPCTQAu4R7ncSB/S/oXaSvRayK6dIdf53oJop6819IEUhqh4AB
MNEu3oqMdTiE7w6uAZnRahKEEN/GZ4rm4Vppt8ByvtxR36y9u0AOBQgVZB0zQV/1
p8ewLenSx4SoRVVP630Jc1CUj8AwcgvYUOoLXNmuu5U3PvEPXAVT83i3BHD02Vh9
IyBD9JvRmvX13CaAFC19UuGzzVw7BRrTMQh3E6zoze+dKxadW8N/opr0tBZagqNy
0Lhv7GeldcQBze3O1ZiQvKvXGiDgzJtl4bYy6LMe2nShCXuSkWLOF1UiVbPqHh2N
NRhptHPPFb3nETRdQhIW7ZyLLFMR1ZKhwc4YUNuy/f8SFRddynE1QtVENxDtRmzy
6piuVYNl9fvgolGH3I33hK6O7lRhuXxggIgTEJCSkj3GVc+D6UuUx3njTK5Qac7Y
MT3TTMGuKJYpylCveT372mBkRdvMUVT7yDC3I0PMcWCkZDOUxb8XM6WqkHHa1hWV
rLD76rLBQNxVXaDRmX5/R5d4uzTy17Uio1PYaIr534+LF4HHWiINZVulEbJzN+JY
XUWb9kxZKIcI/Af2xzDhDfXAaAiRZjfSrQ+xczu5aj/1w+9xAIx1eChx2yM0J3GA
GrmtFP6vEovwwGUziHlF
=bK9J
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: https://lists.debian.org/E1Y6KY9-00062n-MM@master.debian.org

No comments: