Security: Denial of Service in php5 (Update)
Name: | Denial of Service in php5 (Update)
ID: | DSA-3074-2
Distribution: | Debian
Platforms: | Debian wheezy
Date: | Wed, 19 November 2014, 14:34
References: | Not specified
Applications: | PHP
Update of: | Denial of Service in php5
Original message
-------------------------------------------------------------------------
Debian Security Advisory DSA-3074-2                   security@debian.org
http://www.debian.org/security/                         Yves-Alexis Perez
November 19, 2014                      http://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : php5
The previous update for php5, DSA-3074-1, introduced a regression in the sessionclean cron script. The change was intended to fix a potential symlink attack using filenames including the NULL character (Debian bug #766147), but depended on a sed package version too recent, not in Wheezy.
This update reverts the fix, so people are advised to keep kernel symlink protection (sysctl fs.protected_symlinks=1) enabled as it is by default on Wheezy, which is enough to prevent successful exploitation.
For the stable distribution (wheezy), this problem has been fixed in version 5.4.35-0+deb7u2.
We recommend that you upgrade your php5 packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
--
To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: https://lists.debian.org/20141119104942.GA28073@scapa.corsac.net
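
A check for the mitigation the advisory recommends, as an added example that is not part of the advisory or of Debian's tooling: it reads the runtime value of fs.protected_symlinks and scans sysctl configuration files for lines that would disable it at boot. The function names and the default file paths are assumptions of this example.

```sh
#!/bin/sh
# Added example (not part of the advisory): audit the fs.protected_symlinks
# mitigation. File paths are parameters so the checks can run on fixtures.

# Exit 0 if the running kernel has symlink protection on, 1 if it is off,
# 2 if the sysctl file is absent (kernel without this setting).
runtime_symlink_protection() {
    proc_file="${1:-/proc/sys/fs/protected_symlinks}"
    [ -r "$proc_file" ] || return 2
    value=$(cat "$proc_file")
    [ "$value" = "1" ]
}

# Print file:line:text for every sysctl config line that would set
# fs.protected_symlinks to 0 at boot; commented-out lines are ignored.
# Any hit is reported, regardless of which file would win at load time.
# Exit 0 if no such line exists, 1 otherwise.
persistent_symlink_overrides() {
    found=0
    for f in "$@"; do
        [ -f "$f" ] || continue
        # /dev/null as a second operand makes grep always print the filename.
        if grep -nE '^[[:space:]]*fs[./]protected_symlinks[[:space:]]*=[[:space:]]*0[[:space:]]*$' "$f" /dev/null; then
            found=1
        fi
    done
    return "$found"
}

# Report both checks for the local machine (default paths are assumptions).
audit_symlink_mitigation() {
    rc=0
    runtime_symlink_protection || rc=$?
    case "$rc" in
        0) echo "runtime: fs.protected_symlinks=1" ;;
        1) echo "runtime: fs.protected_symlinks is NOT 1; run: sysctl -w fs.protected_symlinks=1" ;;
        *) echo "runtime: kernel does not expose fs.protected_symlinks" ;;
    esac
    if persistent_symlink_overrides /etc/sysctl.conf /etc/sysctl.d/*.conf; then
        echo "boot config: no line disables fs.protected_symlinks"
    else
        echo "boot config: remove the lines listed above"
    fi
}

audit_symlink_mitigation
```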