[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA 2266-1] php5 security update

Update php. Version.

On Jun 29, 2011 2:57 PM, "Moritz Muehlenhoff" <jmm@debian.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - -------------------------------------------------------------------------
> Debian Security Advisory DSA-2266-1 security@debian.org
> http://www.debian.org/security/ Moritz Muehlenhoff
> June 29, 2011 http://www.debian.org/security/faq
> - -------------------------------------------------------------------------
>
> Package : php5
> Vulnerability : several
> Problem type : remote
> Debian-specific: no
> CVE ID : CVE-2010-2531 CVE-2011-0420 CVE-2011-0421 CVE-2011-0708
> CVE-2011-1153 CVE-2011-1466 CVE-2011-1471 CVE-2011-2202
>
> Several vulnerabilities were discovered in PHP, which could lead to
> denial of service or potentially the execution of arbitrary code.
>
> CVE-2010-2531
>
> An information leak was found in the var_export() function.
>
> CVE-2011-0421
>
> The Zip module could crash.
>
> CVE-2011-0708
>
> An integer overflow was discovered in the Exif module.
>
> CVE-2011-1466
>
> An integer overflow was discovered in the Calendar module.
>
> CVE-2011-1471
>
> The Zip module was prone to denial of service through malformed
> archives.
>
> CVE-2011-2202
>
> Path names in form based file uploads (RFC 1867) were incorrectly
> validated.
>
> This update also fixes two bugs, which are not treated as security
> issues, but fixed nonetheless, see README.Debian.security for details
> on the scope of security support for PHP (CVE-2011-0420, CVE-2011-1153).
>
> For the oldstable distribution (lenny), this problem has been fixed in
> version 5.2.6.dfsg.1-1+lenny12.
>
> For the stable distribution (squeeze), this problem has been fixed in
> version 5.3.3-7+squeeze3.
>
> For the unstable distribution (sid), this problem has been fixed in
> version 5.3.6-12.
>
> We recommend that you upgrade your php5 packages.
>
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: http://www.debian.org/security/
>
> Mailing list: debian-security-announce@lists.debian.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
>
> iEYEARECAAYFAk4LcUoACgkQXm3vHE4uylqCbACg2vzq7Fl2cNdA22fY2PM36cjq
> rREAn097NPV6k3RfopU9I+WEvZGaIzpC
> =zfHE
> -----END PGP SIGNATURE-----
>
>
> --
> To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: http://lists.debian.org/20110629184245.GA6293@pisco.westfalen.local
>
Reply to: