drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Denial of Service in php5
| Name: |
Denial of Service in php5 |
|
| ID: |
DSA-3074-1 |
|
| Distribution: |
Debian |
|
| Plattformen: |
Debian wheezy |
|
| Datum: |
Mi, 19. November 2014, 07:32 |
|
| Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3710 |
|
| Applikationen: |
PHP |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3074-1 security@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
November 18, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : php5
CVE ID : CVE-2014-3710
Debian Bug : 68283
Francisco Alonso of Red Hat Product Security found an issue in the file
utility, whose code is embedded in PHP, a general-purpose scripting
language. When checking ELF files, note headers are incorrectly
checked, thus potentially allowing attackers to cause a denial of
service (out-of-bounds read and application crash) by supplying a
specially crafted ELF file.
As announced in DSA-3064-1 it has been decided to follow the stable
5.4.x releases for the Wheezy php5 packages. Consequently the
vulnerability is addressed by upgrading PHP to a new upstream version
5.4.35, which includes additional bug fixes, new features and possibly
incompatible changes. Please refer to the upstream changelog for more
information:
http://php.net/ChangeLog-5.php#5.4.35
For the stable distribution (wheezy), this problem has been fixed in
version 5.4.35-0+deb7u1.
We recommend that you upgrade your php5 packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCgAGBQJUa7XMAAoJEG3bU/KmdcClzHgH/3sZmgwrWGUenVLcg3c8TWE3
uPMWOrUcRmPLzkyWuixKKaU1nijwB3EEYknNqGKqT87lLmZIntWF9FoJXfX6mxrg
UpeSHQTknLPdL8w6gAg2KTFCkua+k8wIOqmW7TSpSHr6LU6Aq6ePkBGzBfEaXWLK
JbL1HE8/SmfQ5+DWbaxz+g9cb5vJRHUUWGbTs2WotdrBlYho9wz4cSlx9khEIt3V
B/NJ3Etvl7UMgS7Tii3h0WW+hksrgrXt8itBj7aNtasnFNf3iySlUoEaxeotIugu
W6chDiuEKYdsq1jDdl0T/GhT2K9UxGIPoTwhvygLbGO20bw1Ux1Ku+r2qSNfryY=
=0CGm
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org
Archive: https://lists.debian.org/20141118211042.GA9832@scapa.corsac.net
|
|
|
|
