Debian Linux Security Advisory 4080-1 - Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language.
fb40631b4e6e2aa36a01a6097b8791637329c2a2a7b66ec5d5560c871d05ec6a
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4080-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
January 08, 2018 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : php7.0
CVE ID : CVE-2017-11144 CVE-2017-11145 CVE-2017-11628
CVE-2017-12932 CVE-2017-12933 CVE-2017-12934
CVE-2017-16642
Several vulnerabilities were found in PHP, a widely-used open source
general purpose scripting language:
CVE-2017-11144
Denial of service in openssl extension due to incorrect return value
check of OpenSSL sealing function
CVE-2017-11145
Out-of-bounds read in wddx_deserialize()
CVE-2017-11628
Buffer overflow in PHP INI parsing API
CVE-2017-12932 / CVE-2017-12934
Use-after-frees during unserialisation
CVE-2017-12933
Buffer overread in finish_nested_data()
CVE-2017-16642
Out-of-bounds read in timelib_meridian()
For the stable distribution (stretch), these problems have been fixed in
version 7.0.27-0+deb9u1.
We recommend that you upgrade your php7.0 packages.
For the detailed security status of php7.0 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/php7.0
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlpT7hUACgkQEMKTtsN8
TjZWCRAAg8ilmfTDQOwCCwXF2nwOk9Ev6G7hZkHzrAO3w9b7E9ygSjUCEIh+7Jqh
zJ4AcZuAH/fzGcr84mMboeAL6decXXM5g4Pi0jWuTBXHJCaW3rfgh0RZdJIacz3V
p7niE81skjOZQJsIsrthHtYBB5jhi4jJmLrxowEOcFyNYfkEPjJ3GsHaRMJy8kdZ
3idASsC3gisnBhSiCGZdFV6JzNOrErMJ5XPSzN7BNsiSny7TrwyGQCFsxP92Bq7F
7Wc+L9YZnJeaiNkpHK4ur9nbL4Jr8irtMYSERXoZwKX2eYaRK37gR6sjUfdCWssT
tASVTWlVvClGwp0cqkV2C5hcFeVKC1bASxCqROPWPFZ6+pl4ai8KOli6fyA18f0L
kskALnZSsB+XZbxzXrN/FKRfsUJIARwebrMMcTQxvlaFsnUxf73jz0sQ/WYrzIeV
PXICiTwg6L2kiGyFdgOardcEMzl/50V64/vAtsHlAladzLQN00dDYrkUqjhI3ZEq
2nA2GnBoLC/8OJSU+CRSvNOfSW2UoxEr2GBvh5xtlyCEeeo3ytgOZrtyNE9AGwgq
MDkK9EXEXuMtb7mFcf4uRVPam+4kUESKH3aD1L9ObTlfweMKp7iJeWBuMsmgulOT
NKWKPVmXkEgh/tRTtqjMEF7LIvXWe3qZAo2HVUBPOFTFijTn4cw=
=xo2P
-----END PGP SIGNATURE-----