[SECURITY] [DLA 1326-1] php5 security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1326-1] php5 security update
From: Markus Koschany <apo@debian.org>
Date: Thu, 29 Mar 2018 22:49:42 +0200
Message-id: <[🔎] c4362efd-29cf-0c21-be10-833f3ce06c80@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : php5
Version        : 5.4.45-0+deb7u13
CVE ID         : CVE-2018-7584

Wei Lei and Liu Yang of Nanyang Technological University discovered a
stack-based buffer overflow in PHP5 when parsing a malformed HTTP
response which can be exploited to cause a denial-of-service.

For Debian 7 "Wheezy", these problems have been fixed in version
5.4.45-0+deb7u13.

We recommend that you upgrade your php5 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlq9UWZfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeSouBAAuhjcbKP60d5VhMe9+ECa9FoncMBgqaY3cp/AEazTCmG4MuCapkP23VCX
zY05/07j8qkVZalSoDsODUjl/LJhXZlZ4XVrkvy684/VIxnl9SgDA9CP0OPa6UCl
fJ66EIo9Mj9HgtzKfflg79QDbkjdrg5Y+1uwWtia9o+3MSPWPazH3/nbMJzJvIbn
8QMz+jcmyl40RnztBH5+qBOb/iWn5ACkSMw7cBBpTvL7NsxwX7/msqPHrNfQ/ALM
FzMBy0Qzg39vlIkHvuqA9dnM+Jpq3VSl4+t9KUXN7AivWzn++JNGLuaBo3BmEMo9
2FyJwP5AEhUm8djQqUdGeLFLrexRSzRfVl54FGea68lrr3RJtnuVVECK+6vfqOPu
8EKHrl8XxRMFrky7yAJzaVPydJMgVmFgL+TUp4hsWVCXXYuWSzlWeaoGew3Ahp7x
9HIlnKEpq9Gur5wLGBp1AEVoyCjCN8yMj0M35KT9eLwKmu4bWQPs08Y8h7Vr727W
7z3dBbdCapjXQz1Uy9F3Z9MZ/vD45uLZiQW570g0NJw+jwELJzIYAMHZzf+63n1v
/YrmogdQ4WNFOzkmSzo1TSkHykLbfnxbFJQKt4/6mnSgdQoXhaDGFP4bpcqgHhjh
PQf2tdgPXmGv1dVCM7OCkWB/JGPMeeQPB+K6U/BhhMeJprkZ+Zg=
=7vXc
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1327-1] thunderbird security update
Next by Date: [SECURITY] [DLA 1329-1] memcached security update
Previous by thread: [SECURITY] [DLA 1327-1] thunderbird security update
Next by thread: [SECURITY] [DLA 1329-1] memcached security update
Index(es):
- Date
- Thread