[SECURITY] [DSA 5424-1] php7.4 security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 5424-1] php7.4 security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Tue, 13 Jun 2023 20:02:19 +0000
Message-id: <[🔎] ZIjLS1qewgcRh5+Z@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5424-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
June 13, 2023                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : php7.4
CVE ID         : not yet available

It was discovered that PHP's implementation of SOAP HTTP Digest
authentication performed insufficient error validation, which may result
in a stack information leak or use of weak randomness.

For the oldstable distribution (bullseye), this problem has been fixed
in version 7.4.33-1+deb11u4.

We recommend that you upgrade your php7.4 packages.

For the detailed security status of php7.4 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/php7.4

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmSIyvIACgkQEMKTtsN8
TjYdURAAmtKmyN+UIZIfOHkrg4DxpNL2dwSBcUefcozb5CYvo8R0RQJt62Ce+aI+
nP6UXn0GCTzepfzJPGHS93t4BPNvxIQmp8jlofkRX1/Lnrg3ndPPtop+eQhmwdOq
65app3kj/sa7b6sZKbsgbvayHu5eo1pRO0DCFIdHamDVcW1RFzJSCNOpsk6L9LjF
qvOss5I8WXzL3z2TVGb20rv5LG78/nfPNgLIr63faG7XA2hQgCkT1iIlY8qT1IOT
yKHxMWEnDFxZnnHWOFV3DF8iPF8EjmBKDAaEWWwOeIkk5Kiu4Jj8RayC0Gs6KPA0
OI0NJ1ejdvGDa1SbJOqvtX5QHzc+jqqrpKlmtc2zHLezH9YZW802jkMOvxI65zep
bYRXMsIqmDi624v5eJQh6qytl9YeLAsoJZfHw6Ic4RmpYfE/bsibX+y98TnKbDeU
bkAOtG7m6kDobYQ8FXiY/dGK0jWLkcMCbU9lP4onL7s3SshJJEKgeyE17av2LUSJ
rPszxcD6wKbUj8hchn0t6AKtAKPMk8YHPS5mnUVd2jkNzgAmu7PrWgtoK94dfby1
SB62HN129+6GMO67VQhEHQjgsbubnYRYq92+qKpZ0bvq7Oq54G9XYcRzsoGCXkBh
Qnoqei8PSSKchWEd887q4sFxUmZYgqSN9xtNJSzOX/lv07bYNHM=
=4iUa
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 5423-1] thunderbird security update
Next by Date: [SECURITY] [DSA 5425-1] php8.2 security update
Previous by thread: [SECURITY] [DSA 5423-1] thunderbird security update
Next by thread: [SECURITY] [DSA 5425-1] php8.2 security update
Index(es):
- Date
- Thread