[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1066-1] php5 security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : php5
Version        : 5.4.45-0+deb7u10
CVE ID         : CVE-2017-11628

A stack-based buffer overflow in the zend_ini_do_op() function in
Zend/zend_ini_parser.c could cause a denial of service or potentially allow
executing code. NOTE: this is only relevant for PHP applications that accept
untrusted input (instead of the system's php.ini file) for the parse_ini_string
or parse_ini_file function, e.g., a web application for syntax validation of
php.ini directives.

For Debian 7 "Wheezy", these problems have been fixed in version
5.4.45-0+deb7u10.

We recommend that you upgrade your php5 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEjtbD+LrJ23/BMKhw+COicpiDyXwFAlmhmhoACgkQ+COicpiD
yXxJehAAi4uUHRCESiXSnRRNQJKqnO2D9BIDAYbUqjzDBUlSGu82TmGqbnEDJ86T
W1sM1Eri0y22q8YL3IQpUQ3PJB+tYauhWZ7CcnjyuRcMquryE4Q69hhE52QP7SkR
la1ZS+WrmDOJst5GGsEm0KAFhR/eZlqJkxRr4YCulz2b06o66xtLDhnnAk5uynTf
rHoW8Zq3cduQns6145dC7CCLl///nTCTrWgI5ujzKMe+S98cEFiMcgneaNZXxqrH
64WoO8/dHVQwyAEiFO8RzvcdVEiEG4zfV7rfnP8kqCdI/cOVwzTNQbyy4+hEjD95
YFOR5+hr3AIVanVoHTcrnqh/GzBRF63avlqoHkl4v7osULGpIR9Uqi1p62q/Egac
+YMsz502sEXPbIm3sro6ndk0aEbwS63DlG0IDtvUxNL68Yu2A3kSgHTl43oOJmBZ
1/jRqFMzmog/IHNx7TB9O27iGvVeQyllJV5bUK4b/uisqmnEjg7mD+6dJi96NrGe
Od9FjrsZZM3waSytPdNAmnMSxP9uyGE3gyExaai6+H5QmlqCO99SRvykPOZtVZqm
CXOkeBwehKMt/ipPIwQIzV8PWIsF+TSEnjkV+FIpb0+Ty8k0xiQF3ACzc7Vj9hyX
9aMUBQuIwk3/Usof/QdKAWl7yDFVrYIwdR0dkeehC5xmD5H8bNw=
=zBiD
-----END PGP SIGNATURE-----


Reply to: