[SECURITY] [DSA 4240-1] php7.0 security update

From: Moritz Muehlenhoff <jmm@debian.org>
To: bugtraq@securityfocus.com
Cc:
Subject: [SECURITY] [DSA 4240-1] php7.0 security update
Date:


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4240-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
July 05, 2018                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : php7.0
CVE ID         : CVE-2018-7584 CVE-2018-10545 CVE-2018-10546
                 CVE-2018-10547 CVE-2018-10548 CVE-2018-10549

Several vulnerabilities were found in PHP, a widely-used open source
general purpose scripting language:

CVE-2018-7584

    Buffer underread in parsing HTTP responses

CVE-2018-10545

    Dumpable FPM child processes allowed the bypass of opcache access
    controls

CVE-2018-10546

    Denial of service via infinite loop in convert.iconv stream filter

CVE-2018-10547

    The fix for CVE-2018-5712 (shipped in DSA 4080) was incomplete

CVE-2018-10548

    Denial of service via malformed LDAP server responses

CVE-2018-10549

    Out-of-bounds read when parsing malformed JPEG files

For the stable distribution (stretch), these problems have been fixed in
version 7.0.30-0+deb9u1.

We recommend that you upgrade your php7.0 packages.

For the detailed security status of php7.0 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/php7.0

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAls+gHsACgkQEMKTtsN8
TjZQ9g/+OI9kfKCZx/vFJ+dBmP3TGdvFTg81BQo5qNcF7GabJgGPLJ7q7q/Lo8oh
HBIrudLIDXjRI2SyB0F7gkUld2uCzokxRmMG0FvLFVpLpEEvBaqPzK7f9FuD6s1t
ZcoWbNQ7JuBFxnaf8AxOz/qvwgs7RGoO9W4kcjZN3Chs1VKDPatchC2PO1ua5YHa
eX4mpBhpiqYONwrb6eGuSUbJSeJCKSoe3WMYZXPRNPLRktmvDRqR/7BSoYQt/2dj
dVN2+a/0NSw1qE0SdsMwOCK5y9CQ2NgmjqyQzRSrpONe1uwL+It+W6KNkc0fZpKB
0etoddlo6gWc+5lQYNkQoyW5mZhlLwNImxG+BC6z4pLA+4yrQVW3Zm0xqPAqo0ci
PIn/voBeWWzqjdj8ew9fJLewocwchXMYxu/ZWRMOeNE7AkxdutI4Cry4kaUKRgQ8
4EtW+cqjr7pqZ+5eTQY9kpAB9ddQGRcxet3cST2l/og3nxoj9hAn6zH6u8RW7NSD
OSzF18vDN/X45ECX3+/T6eAwW6ntmV/H+dcMVaZM1vw7UyMElCiQ4j8nKwZ7h9SB
DROSUaaspN7SvfXhZKnZ7Ly5qwYbUwN4KbCrf2PhkBgZq8bmtjUxVkRvxlOykm+5
JrwEG1QQ97kmzEiomrhRwP0Ftg9QUAmPrXRNJuibilsI1RG/2gc=
=8Kva
-----END PGP SIGNATURE-----





Copyright © 1995-2018 LinuxRocket.net. All rights reserved.