Debian Security Advisory
DLA-533-1 php5 -- LTS security update
- Date Reported:
- 29 Jun 2016
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2016-5093, CVE-2016-5094, CVE-2016-5095, CVE-2016-5096.
- More information:
Absence of null character causes unexpected zend_string length and leaks heap memory. The test script uses locale_get_primary_language to reach get_icu_value_internal but there are some other functions that also trigger this issue:
don't create strings with lengths outside int range
similar to CVE-2016-5094 don't create strings with lengths outside int range
int/size_t confusion in fread
bug70661: Use After Free Vulnerability in WDDX Packet Deserialization
bug70728: Type Confusion Vulnerability in PHP_to_XMLRPC_worker()
bug70741: Session WDDX Packet Deserialization Type Confusion Vulnerability
bug70480: php_url_parse_ex() buffer overflow read
For Debian 7
Wheezy, these problems have been fixed in version 5.4.45-0+deb7u4.
We recommend that you upgrade your php5 packages.
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS