Debian: DSA-4240-1: php7.0 security update
Debian: DSA-4240-1: php7.0 security update
Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language: CVE-2018-7584
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4240-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff July 05, 2018 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : php7.0 CVE ID : CVE-2018-7584 CVE-2018-10545 CVE-2018-10546 CVE-2018-10547 CVE-2018-10548 CVE-2018-10549 Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language: CVE-2018-7584 Buffer underread in parsing HTTP responses CVE-2018-10545 Dumpable FPM child processes allowed the bypass of opcache access controls CVE-2018-10546 Denial of service via infinite loop in convert.iconv stream filter CVE-2018-10547 The fix for CVE-2018-5712 (shipped in DSA 4080) was incomplete CVE-2018-10548 Denial of service via malformed LDAP server responses CVE-2018-10549 Out-of-bounds read when parsing malformed JPEG files For the stable distribution (stretch), these problems have been fixed in version 7.0.30-0+deb9u1. We recommend that you upgrade your php7.0 packages. For the detailed security status of php7.0 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/php7.0 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.