[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1813-1] php5 security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : php5
Version        : 5.6.40+dfsg-0+deb8u4
CVE ID         : CVE-2019-11039 CVE-2019-11040

Two vulnerabilities were found in PHP, a widely-used open source general
purpose scripting language.

CVE-2019-11039

    An integer underflow in the iconv module could be exploited to trigger
    an out of bounds read.

CVE-2019-11040

    A heap buffer overflow was discovered in the EXIF parsing code.

For Debian 8 "Jessie", these problems have been fixed in version
5.6.40+dfsg-0+deb8u4.

We recommend that you upgrade your php5 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAlz1AiwACgkQnUbEiOQ2
gwJ6hQ//e3FxCHkLhDfI2h1U6c2gl7iCeA3CNE8sGNcdrdhUwj6q/aO4vq7SifqD
Pczdrx8eUjJqnRbvyfoC+zbVLv3Hj11EFU8RSfc5KMYjSeSWh3RZV+DR0JDtkjys
SI+rShck2Ej7Ajv9XHy/xfseI2PoZ4eIOEBrZgyhMTPBULxUxzIkTUyQd0wcHQsI
rAaQR/ePhH59loXagJa4HrKqRQMs0Tk6ZZo8oODbnMXpqysupfW7X/Q3kI4rn5Eq
qQbsnZF8B90CptEZpUSu5VEALi4FmB7NMEMx9NjeEO93A6rvF4cFUXKlVsaSalsn
U7Pl1wjlBvSJG1M5o9+g7XKCPfG5yN6/ER/NTK/zKNRcwhN6wfMc6FpsFCo6grNf
YNv9rqu5ST5F4ta7NEsRo4tD4QlfAFPX6MkBpiV3oOnXe8zZ1M6ZevbNpwFuAOHX
jd/T/xCrcZbhdgK2PSc+2PC+eOPbpESbl24Df5CSpNch1rt22c0GweJihYXsF2oK
V/SfBN+aDvieRyaBJDRHy13N+3OuB6AiQofHh11w053SV9YUTfcgsfTB5GrqKL47
N7wqmriUIoZKKQox+ynAZ0MI6e7snuRST/r5n+U1mkh3dEl1fYfq93xLmJYX4sd1
LXat7RgOlhz1HLUNJk2vNE77a0Ykwvu6dNuwCAdqyoa1bMXTSo4=
=WqNG
-----END PGP SIGNATURE-----


Reply to: