Re: [SECURITY] [DSA 3074-1] php5 security update

To: "debian-security@lists.debian.org" <debian-security@lists.debian.org>
Subject: Re: [SECURITY] [DSA 3074-1] php5 security update
From: Herman harperink <herman@harperink.de>
Date: Wed, 19 Nov 2014 06:56:34 +0100
Message-id: <[🔎] 9EE2152B-8D32-4DC8-89A8-5EAAD6581C5D@harperink.de>
In-reply-to: <20141118211042.GA9832@scapa.corsac.net>
References: <20141118211042.GA9832@scapa.corsac.net>

This update is incompatible with sed and gives some trouble on webservers in /use/lib/php5/sessionclean (invalid option -- "z")



> On 18 nov. 2014, at 22:10, Yves-Alexis Perez <corsac@debian.org> wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
> 
> - -------------------------------------------------------------------------
> Debian Security Advisory DSA-3074-1                   security@debian.org
> http://www.debian.org/security/                         Yves-Alexis Perez
> November 18, 2014                      http://www.debian.org/security/faq
> - -------------------------------------------------------------------------
> 
> Package        : php5
> CVE ID         : CVE-2014-3710
> Debian Bug     : 68283
> 
> Francisco Alonso of Red Hat Product Security found an issue in the file
> utility, whose code is embedded in PHP, a general-purpose scripting
> language.  When checking ELF files, note headers are incorrectly
> checked, thus potentially allowing attackers to cause a denial of
> service (out-of-bounds read and application crash) by supplying a
> specially crafted ELF file.
> 
> As announced in DSA-3064-1 it has been decided to follow the stable
> 5.4.x releases for the Wheezy php5 packages. Consequently the
> vulnerability is addressed by upgrading PHP to a new upstream version
> 5.4.35, which includes additional bug fixes, new features and possibly
> incompatible changes. Please refer to the upstream changelog for more
> information:
> 
> http://php.net/ChangeLog-5.php#5.4.35
> 
> For the stable distribution (wheezy), this problem has been fixed in
> version 5.4.35-0+deb7u1.
> 
> We recommend that you upgrade your php5 packages.
> 
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: https://www.debian.org/security/
> 
> Mailing list: debian-security-announce@lists.debian.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
> 
> iQEcBAEBCgAGBQJUa7XMAAoJEG3bU/KmdcClzHgH/3sZmgwrWGUenVLcg3c8TWE3
> uPMWOrUcRmPLzkyWuixKKaU1nijwB3EEYknNqGKqT87lLmZIntWF9FoJXfX6mxrg
> UpeSHQTknLPdL8w6gAg2KTFCkua+k8wIOqmW7TSpSHr6LU6Aq6ePkBGzBfEaXWLK
> JbL1HE8/SmfQ5+DWbaxz+g9cb5vJRHUUWGbTs2WotdrBlYho9wz4cSlx9khEIt3V
> B/NJ3Etvl7UMgS7Tii3h0WW+hksrgrXt8itBj7aNtasnFNf3iySlUoEaxeotIugu
> W6chDiuEKYdsq1jDdl0T/GhT2K9UxGIPoTwhvygLbGO20bw1Ux1Ku+r2qSNfryY=
> =0CGm
> -----END PGP SIGNATURE-----
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: https://lists.debian.org/20141118211042.GA9832@scapa.corsac.net
>

Reply to:

Prev by Date: Re: [SECURITY] [DSA 3074-1] php5 security update
Next by Date: Re: [SECURITY] [DSA 3074-1] php5 security update
Previous by thread: Re: [SECURITY] [DSA 3074-1] php5 security update
Next by thread: [sipgate Adminteam] Betreff: [SECURITY] [DSA 3074-1] php5 security update
Index(es):
- Date
- Thread