Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in PHP
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in PHP
ID: DSA-4080-1
Distribution: Debian
Plattformen: Debian stretch
Datum: Di, 9. Januar 2018, 09:08
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12933
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12932
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11628
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12934
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11145
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11144
Applikationen: PHP

Originalnachricht

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4080-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
January 08, 2018 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : php7.0
CVE ID : CVE-2017-11144 CVE-2017-11145 CVE-2017-11628
CVE-2017-12932 CVE-2017-12933 CVE-2017-12934
CVE-2017-16642

Several vulnerabilities were found in PHP, a widely-used open source
general purpose scripting language:

CVE-2017-11144

Denial of service in openssl extension due to incorrect return value
check of OpenSSL sealing function

CVE-2017-11145

Out-of-bounds read in wddx_deserialize()

CVE-2017-11628

Buffer overflow in PHP INI parsing API

CVE-2017-12932 / CVE-2017-12934

Use-after-frees during unserialisation

CVE-2017-12933

Buffer overread in finish_nested_data()

CVE-2017-16642

Out-of-bounds read in timelib_meridian()

For the stable distribution (stretch), these problems have been fixed in
version 7.0.27-0+deb9u1.

We recommend that you upgrade your php7.0 packages.

For the detailed security status of php7.0 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/php7.0

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlpT7hUACgkQEMKTtsN8
TjZWCRAAg8ilmfTDQOwCCwXF2nwOk9Ev6G7hZkHzrAO3w9b7E9ygSjUCEIh+7Jqh
zJ4AcZuAH/fzGcr84mMboeAL6decXXM5g4Pi0jWuTBXHJCaW3rfgh0RZdJIacz3V
p7niE81skjOZQJsIsrthHtYBB5jhi4jJmLrxowEOcFyNYfkEPjJ3GsHaRMJy8kdZ
3idASsC3gisnBhSiCGZdFV6JzNOrErMJ5XPSzN7BNsiSny7TrwyGQCFsxP92Bq7F
7Wc+L9YZnJeaiNkpHK4ur9nbL4Jr8irtMYSERXoZwKX2eYaRK37gR6sjUfdCWssT
tASVTWlVvClGwp0cqkV2C5hcFeVKC1bASxCqROPWPFZ6+pl4ai8KOli6fyA18f0L
kskALnZSsB+XZbxzXrN/FKRfsUJIARwebrMMcTQxvlaFsnUxf73jz0sQ/WYrzIeV
PXICiTwg6L2kiGyFdgOardcEMzl/50V64/vAtsHlAladzLQN00dDYrkUqjhI3ZEq
2nA2GnBoLC/8OJSU+CRSvNOfSW2UoxEr2GBvh5xtlyCEeeo3ytgOZrtyNE9AGwgq
MDkK9EXEXuMtb7mFcf4uRVPam+4kUESKH3aD1L9ObTlfweMKp7iJeWBuMsmgulOT
NKWKPVmXkEgh/tRTtqjMEF7LIvXWe3qZAo2HVUBPOFTFijTn4cw=
=xo2P
-----END PGP SIGNATURE-----
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung