Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

Debian: DSA-3390-1 Important: Python Remote Code Execution Vulnerabilities

debian
Calendar Grey October 27, 2015
Debian Logo
Recent security flaws in PHP have been identified, potentially causing Denial of Service and exposing sensitive information. Immediate patching of php5 packages is necessary.
Two vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development

Summary

Two vulnerabilities were found in PHP, a general-purpose scripting
language commonly used for web application development.

CVE-2015-7803

The phar extension could crash with a NULL pointer dereference
when processing tar archives containing links referring to
non-existing files. This could lead to a denial of service.

CVE-2015-7804

The phar extension does not correctly process directory entries
found in archive files with the name "/", leading to a denial of
service and, potentially, information disclosure.

The update for Debian stable (jessie) contains additional bug fixes
from PHP upstream version 5.6.14, as described in the upstream
changelog:

https://www.php.net/ChangeLog-5.php

Note to users of the the oldstable distribution (wheezy): PHP 5.4 has
reached end-of-life on September 14th, 2015. As a result, there will
be no more new upstream releases. The security support of PHP 5.4 in
Debian oldstable (wheezy) will be best effort only, and you are
strongly advised to up...

Read the Full Advisory

Severity
important
Lowest
Low
Medium
High
Critical

Package: php5
CVE ID: CVE-2015-7803 CVE-2015-7804

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.