drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in php7.0
Name: |
Mehrere Probleme in php7.0 |
|
ID: |
DSA-4240-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian stretch |
|
Datum: |
Do, 5. Juli 2018, 23:02 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10549
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10548
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10545
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7584
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10547 |
|
Applikationen: |
PHP |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-4240-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff July 05, 2018 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : php7.0 CVE ID : CVE-2018-7584 CVE-2018-10545 CVE-2018-10546 CVE-2018-10547 CVE-2018-10548 CVE-2018-10549
Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language:
CVE-2018-7584
Buffer underread in parsing HTTP responses
CVE-2018-10545
Dumpable FPM child processes allowed the bypass of opcache access controls
CVE-2018-10546
Denial of service via infinite loop in convert.iconv stream filter
CVE-2018-10547
The fix for CVE-2018-5712 (shipped in DSA 4080) was incomplete
CVE-2018-10548
Denial of service via malformed LDAP server responses
CVE-2018-10549
Out-of-bounds read when parsing malformed JPEG files
For the stable distribution (stretch), these problems have been fixed in version 7.0.30-0+deb9u1.
We recommend that you upgrade your php7.0 packages.
For the detailed security status of php7.0 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/php7.0
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAls+gHsACgkQEMKTtsN8 TjZQ9g/+OI9kfKCZx/vFJ+dBmP3TGdvFTg81BQo5qNcF7GabJgGPLJ7q7q/Lo8oh HBIrudLIDXjRI2SyB0F7gkUld2uCzokxRmMG0FvLFVpLpEEvBaqPzK7f9FuD6s1t ZcoWbNQ7JuBFxnaf8AxOz/qvwgs7RGoO9W4kcjZN3Chs1VKDPatchC2PO1ua5YHa eX4mpBhpiqYONwrb6eGuSUbJSeJCKSoe3WMYZXPRNPLRktmvDRqR/7BSoYQt/2dj dVN2+a/0NSw1qE0SdsMwOCK5y9CQ2NgmjqyQzRSrpONe1uwL+It+W6KNkc0fZpKB 0etoddlo6gWc+5lQYNkQoyW5mZhlLwNImxG+BC6z4pLA+4yrQVW3Zm0xqPAqo0ci PIn/voBeWWzqjdj8ew9fJLewocwchXMYxu/ZWRMOeNE7AkxdutI4Cry4kaUKRgQ8 4EtW+cqjr7pqZ+5eTQY9kpAB9ddQGRcxet3cST2l/og3nxoj9hAn6zH6u8RW7NSD OSzF18vDN/X45ECX3+/T6eAwW6ntmV/H+dcMVaZM1vw7UyMElCiQ4j8nKwZ7h9SB DROSUaaspN7SvfXhZKnZ7Ly5qwYbUwN4KbCrf2PhkBgZq8bmtjUxVkRvxlOykm+5 JrwEG1QQ97kmzEiomrhRwP0Ftg9QUAmPrXRNJuibilsI1RG/2gc= =8Kva -----END PGP SIGNATURE-----
|
|
|
|