Update php. Version.
On Jun 29, 2011 2:57 PM, "Moritz Muehlenhoff" <
jmm@debian.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - -------------------------------------------------------------------------
> Debian Security Advisory DSA-2266-1
security@debian.org>
http://www.debian.org/security/ Moritz Muehlenhoff
> June 29, 2011
http://www.debian.org/security/faq> - -------------------------------------------------------------------------
>
> Package : php5
> Vulnerability : several
> Problem type : remote
> Debian-specific: no
> CVE ID : CVE-2010-2531 CVE-2011-0420 CVE-2011-0421 CVE-2011-0708
> CVE-2011-1153 CVE-2011-1466 CVE-2011-1471 CVE-2011-2202
>
> Several vulnerabilities were discovered in PHP, which could lead to
> denial of service or potentially the execution of arbitrary code.
>
> CVE-2010-2531
>
> An information leak was found in the var_export() function.
>
> CVE-2011-0421
>
> The Zip module could crash.
>
> CVE-2011-0708
>
> An integer overflow was discovered in the Exif module.
>
> CVE-2011-1466
>
> An integer overflow was discovered in the Calendar module.
>
> CVE-2011-1471
>
> The Zip module was prone to denial of service through malformed
> archives.
>
> CVE-2011-2202
>
> Path names in form based file uploads (RFC 1867) were incorrectly
> validated.
>
> This update also fixes two bugs, which are not treated as security
> issues, but fixed nonetheless, see README.Debian.security for details
> on the scope of security support for PHP (CVE-2011-0420, CVE-2011-1153).
>
> For the oldstable distribution (lenny), this problem has been fixed in
> version 5.2.6.dfsg.1-1+lenny12.
>
> For the stable distribution (squeeze), this problem has been fixed in
> version 5.3.3-7+squeeze3.
>
> For the unstable distribution (sid), this problem has been fixed in
> version 5.3.6-12.
>
> We recommend that you upgrade your php5 packages.
>
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at:
http://www.debian.org/security/
>
> Mailing list:
debian-security-announce@lists.debian.org> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
>
> iEYEARECAAYFAk4LcUoACgkQXm3vHE4uylqCbACg2vzq7Fl2cNdA22fY2PM36cjq
> rREAn097NPV6k3RfopU9I+WEvZGaIzpC
> =zfHE
> -----END PGP SIGNATURE-----
>
>
> --
> To UNSUBSCRIBE, email to
debian-security-announce-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org> Archive:
http://lists.debian.org/20110629184245.GA6293@pisco.westfalen.local
>