Lesezeichen hinzufügen
Originalnachricht
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-4080-1 security@debian.orghttps://www.debian.org/security/ Moritz MuehlenhoffJanuary 08, 2018 https://www.debian.org/security/faq- -------------------------------------------------------------------------Package : php7.0CVE ID : CVE-2017-11144 CVE-2017-11145 CVE-2017-11628 CVE-2017-12932 CVE-2017-12933 CVE-2017-12934 CVE-2017-16642Several vulnerabilities were found in PHP, a widely-used open sourcegeneral purpose scripting language:CVE-2017-11144 Denial of service in openssl extension due to incorrect return value check of OpenSSL sealing functionCVE-2017-11145 Out-of-bounds read in wddx_deserialize()CVE-2017-11628 Buffer overflow in PHP INI parsing APICVE-2017-12932 / CVE-2017-12934 Use-after-frees during unserialisationCVE-2017-12933 Buffer overread in finish_nested_data()CVE-2017-16642 Out-of-bounds read in timelib_meridian()For the stable distribution (stretch), these problems have been fixed inversion 7.0.27-0+deb9u1.We recommend that you upgrade your php7.0 packages.For the detailed security status of php7.0 please refer toits security tracker page at:https://security-tracker.debian.org/tracker/php7.0Further information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlpT7hUACgkQEMKTtsN8TjZWCRAAg8ilmfTDQOwCCwXF2nwOk9Ev6G7hZkHzrAO3w9b7E9ygSjUCEIh+7JqhzJ4AcZuAH/fzGcr84mMboeAL6decXXM5g4Pi0jWuTBXHJCaW3rfgh0RZdJIacz3Vp7niE81skjOZQJsIsrthHtYBB5jhi4jJmLrxowEOcFyNYfkEPjJ3GsHaRMJy8kdZ3idASsC3gisnBhSiCGZdFV6JzNOrErMJ5XPSzN7BNsiSny7TrwyGQCFsxP92Bq7F7Wc+L9YZnJeaiNkpHK4ur9nbL4Jr8irtMYSERXoZwKX2eYaRK37gR6sjUfdCWssTtASVTWlVvClGwp0cqkV2C5hcFeVKC1bASxCqROPWPFZ6+pl4ai8KOli6fyA18f0LkskALnZSsB+XZbxzXrN/FKRfsUJIARwebrMMcTQxvlaFsnUxf73jz0sQ/WYrzIeVPXICiTwg6L2kiGyFdgOardcEMzl/50V64/vAtsHlAladzLQN00dDYrkUqjhI3ZEq2nA2GnBoLC/8OJSU+CRSvNOfSW2UoxEr2GBvh5xtlyCEeeo3ytgOZrtyNE9AGwgqMDkK9EXEXuMtb7mFcf4uRVPam+4kUESKH3aD1L9ObTlfweMKp7iJeWBuMsmgulOTNKWKPVmXkEgh/tRTtqjMEF7LIvXWe3qZAo2HVUBPOFTFijTn4cw==xo2P-----END PGP SIGNATURE-----