##- Bitte geben Sie Ihre Antwort über dieser Zeile ein. -## [sipgate Adminteam] Betreff: [SECURITY] [DSA 3074-1] php5 security update
Deine Anfrage (# 1849) wurde aktualisiert. Um darauf zu antworten, antworte einfach auf diese Mail. ---------------------------------------------- Aktualisiert von: Markus Monka, 19. Nov 09:24 ---------- Forwarded message ---------- From: Yves-Alexis Perez <cor...@debian.org> Date: Tue, Nov 18, 2014 at 10:10 PM Subject: [SECURITY] [DSA 3074-1] php5 security update To: debian-security-annou...@lists.debian.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3074-1 secur...@debian.org http://www.debian.org/security/ Yves-Alexis Perez November 18, 2014 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : php5 CVE ID : CVE-2014-3710 Debian Bug : 68283 Francisco Alonso of Red Hat Product Security found an issue in the file utility, whose code is embedded in PHP, a general-purpose scripting language. When checking ELF files, note headers are incorrectly checked, thus potentially allowing attackers to cause a denial of service (out-of-bounds read and application crash) by supplying a specially crafted ELF file. As announced in DSA-3064-1 it has been decided to follow the stable 5.4.x releases for the Wheezy php5 packages. Consequently the vulnerability is addressed by upgrading PHP to a new upstream version 5.4.35, which includes additional bug fixes, new features and possibly incompatible changes. Please refer to the upstream changelog for more information: http://php.net/ChangeLog-5.php#5.4.35 For the stable distribution (wheezy), this problem has been fixed in version 5.4.35-0+deb7u1. We recommend that you upgrade your php5 packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-annou...@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCgAGBQJUa7XMAAoJEG3bU/KmdcClzHgH/3sZmgwrWGUenVLcg3c8TWE3 uPMWOrUcRmPLzkyWuixKKaU1nijwB3EEYknNqGKqT87lLmZIntWF9FoJXfX6mxrg UpeSHQTknLPdL8w6gAg2KTFCkua+k8wIOqmW7TSpSHr6LU6Aq6ePkBGzBfEaXWLK JbL1HE8/SmfQ5+DWbaxz+g9cb5vJRHUUWGbTs2WotdrBlYho9wz4cSlx9khEIt3V B/NJ3Etvl7UMgS7Tii3h0WW+hksrgrXt8itBj7aNtasnFNf3iySlUoEaxeotIugu W6chDiuEKYdsq1jDdl0T/GhT2K9UxGIPoTwhvygLbGO20bw1Ux1Ku+r2qSNfryY= =0CGm -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-security-announce-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141118211042.ga9...@scapa.corsac.net -- Dipl. Ing. Markus Monka - mmo...@sipgate.de Telefon: +49 (0)211-63 55 55-23 Telefax: +49 (0)211-63 55 55-22 sipgate GmbH - Gladbacher Str. 74 - 40219 Düsseldorf HRB Düsseldorf 39841 - Geschäftsführer: Thilo Salmon, Tim Mois Steuernummer: 106/5724/7147, Umsatzsteuer-ID: DE219349391 ---------------------------------------------- Aktualisiert von: Debian-security, 18. Nov 22:18 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3074-1 secur...@debian.org http://www.debian.org/security/ Yves-Alexis Perez November 18, 2014 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : php5 CVE ID : CVE-2014-3710 Debian Bug : 68283 Francisco Alonso of Red Hat Product Security found an issue in the file utility, whose code is embedded in PHP, a general-purpose scripting language. When checking ELF files, note headers are incorrectly checked, thus potentially allowing attackers to cause a denial of service (out-of-bounds read and application crash) by supplying a specially crafted ELF file. As announced in DSA-3064-1 it has been decided to follow the stable 5.4.x releases for the Wheezy php5 packages. Consequently the vulnerability is addressed by upgrading PHP to a new upstream version 5.4.35, which includes additional bug fixes, new features and possibly incompatible changes. Please refer to the upstream changelog for more information: http://php.net/ChangeLog-5.php#5.4.35 For the stable distribution (wheezy), this problem has been fixed in version 5.4.35-0+deb7u1. We recommend that you upgrade your php5 packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-annou...@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCgAGBQJUa7XMAAoJEG3bU/KmdcClzHgH/3sZmgwrWGUenVLcg3c8TWE3 uPMWOrUcRmPLzkyWuixKKaU1nijwB3EEYknNqGKqT87lLmZIntWF9FoJXfX6mxrg UpeSHQTknLPdL8w6gAg2KTFCkua+k8wIOqmW7TSpSHr6LU6Aq6ePkBGzBfEaXWLK JbL1HE8/SmfQ5+DWbaxz+g9cb5vJRHUUWGbTs2WotdrBlYho9wz4cSlx9khEIt3V B/NJ3Etvl7UMgS7Tii3h0WW+hksrgrXt8itBj7aNtasnFNf3iySlUoEaxeotIugu W6chDiuEKYdsq1jDdl0T/GhT2K9UxGIPoTwhvygLbGO20bw1Ux1Ku+r2qSNfryY= =0CGm -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-security-announce-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141118211042.ga9...@scapa.corsac.net -------------------------------- Diese E-Mail ist ein Service von sipgate Adminteam. [K6KP-P21X]
