
[SECURITY] [DLA 1076-1] php5 security update



Package        : php5
Version        : 5.4.45-0+deb7u11
CVE ID         : CVE-2017-12933

The finish_nested_data function in ext/standard/var_unserializer.re in PHP is
prone to a buffer over-read while unserializing untrusted data. Exploitation of
this issue can have an unspecified impact on the integrity of PHP.

For Debian 7 "Wheezy", this problem has been fixed in version
5.4.45-0+deb7u11.

We recommend that you upgrade your php5 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

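To check an inventory against the fixed version named above, the following added example (not part of the advisory or of Debian's tooling) reimplements Debian version ordering and lists binary packages built from source package php5 that are still older than 5.4.45-0+deb7u11. It assumes input in the shape printed by `dpkg-query -W -f='${source:Package} ${Package} ${Version}\n'`; the sample rows and all function names are constructed for illustration.

```python
FIXED = "5.4.45-0+deb7u11"  # fixed php5 version, from the advisory
# Constructed sample: source package, binary package, installed version.
SAMPLE = """\
php5 php5-cli 5.4.45-0+deb7u9
php5 php5-common 5.4.45-0+deb7u11
php-memcache php5-memcache 3.0.8-1
"""

def _nd(s, k):  # non-digit character at s[k], or "" at a digit or end of string
    return s[k] if k < len(s) and not "0" <= s[k] <= "9" else ""

def _order(c):  # weight in non-digit runs: '~' < end < letters < other characters
    if c in ("~", ""):
        return -1 if c else 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    i = j = 0
    while i < len(a) or j < len(b):
        while _nd(a, i) or _nd(b, j):          # compare the non-digit runs
            ca, cb = _nd(a, i), _nd(b, j)
            if _order(ca) != _order(cb):
                return -1 if _order(ca) < _order(cb) else 1
            i, j = i + 1, j + 1
        na = nb = 0                            # then compare the numeric runs
        while i < len(a) and not _nd(a, i):
            na, i = na * 10 + int(a[i]), i + 1
        while j < len(b) and not _nd(b, j):
            nb, j = nb * 10 + int(b[j]), j + 1
        if na != nb:
            return -1 if na < nb else 1
    return 0

def _split(v):
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, dash, rev = rest.rpartition("-")
    return int(epoch), (upstream if dash else rest), (rev if dash else "")

def compare(a, b):
    """Return -1, 0 or 1 using Debian version ordering (epoch, upstream, revision)."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea > eb) - (ea < eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def needs_update(listing, fixed=FIXED):
    """Binary packages built from source php5 that are older than `fixed`."""
    rows = (line.split() for line in listing.strip().splitlines())
    return [b for s, b, v in rows if s == "php5" and compare(v, fixed) < 0]

print(needs_update(SAMPLE))
```

Filtering on the source package keeps separately versioned add-ons such as the constructed php5-memcache row from being flagged; on a Debian host, `dpkg --compare-versions` remains the authoritative comparison.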
