Debian Security Advisory

DLA-1679-1 php5 -- LTS security update

Date Reported:
17 Feb 2019
Affected Packages:
Security database references:
No other external database security references currently available.
More information:

Several security bugs have been identified and fixed in php5, a server-side, HTML-embedded scripting language. The affected components include GD graphics, multi-byte string handling, phar file format handling, and xmlrpc.

CVEs have not yet been assigned. Once the CVE assignments are announced, the Debian Security Tracker will be updated with the relevant information.

For Debian 8 Jessie, this problems have been fixed in version 5.6.40+dfsg-0+deb8u1.

We recommend that you upgrade your php5 packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: