Debian Security Advisory
DSA-4240-1 php7.0 -- security update
- Date Reported:
- 05 Jul 2018
- Affected Packages:
- php7.0
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2018-7584, CVE-2018-10545, CVE-2018-10546, CVE-2018-10547, CVE-2018-10548, CVE-2018-10549.
- More information:
-
Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language:
- CVE-2018-7584
Buffer underread in parsing HTTP responses
- CVE-2018-10545
Dumpable FPM child processes allowed the bypass of opcache access controls
- CVE-2018-10546
Denial of service via infinite loop in convert.iconv stream filter
- CVE-2018-10547
The fix for CVE-2018-5712 (shipped in DSA 4080) was incomplete
- CVE-2018-10548
Denial of service via malformed LDAP server responses
- CVE-2018-10549
Out-of-bounds read when parsing malformed JPEG files
For the stable distribution (stretch), these problems have been fixed in version 7.0.30-0+deb9u1.
We recommend that you upgrade your php7.0 packages.
For the detailed security status of php7.0 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/php7.0
- CVE-2018-7584