lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Thu, 5 Jul 2018 22:34:23 +0200
From: Moritz Muehlenhoff <jmm@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 4240-1] php7.0 security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4240-1                   security@...ian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
July 05, 2018                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : php7.0
CVE ID         : CVE-2018-7584 CVE-2018-10545 CVE-2018-10546
                 CVE-2018-10547 CVE-2018-10548 CVE-2018-10549

Several vulnerabilities were found in PHP, a widely-used open source
general purpose scripting language:

CVE-2018-7584

    Buffer underread in parsing HTTP responses

CVE-2018-10545

    Dumpable FPM child processes allowed the bypass of opcache access
    controls

CVE-2018-10546

    Denial of service via infinite loop in convert.iconv stream filter

CVE-2018-10547

    The fix for CVE-2018-5712 (shipped in DSA 4080) was incomplete

CVE-2018-10548

    Denial of service via malformed LDAP server responses

CVE-2018-10549

    Out-of-bounds read when parsing malformed JPEG files

For the stable distribution (stretch), these problems have been fixed in
version 7.0.30-0+deb9u1.

We recommend that you upgrade your php7.0 packages.

For the detailed security status of php7.0 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/php7.0

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAls+gHsACgkQEMKTtsN8
TjZQ9g/+OI9kfKCZx/vFJ+dBmP3TGdvFTg81BQo5qNcF7GabJgGPLJ7q7q/Lo8oh
HBIrudLIDXjRI2SyB0F7gkUld2uCzokxRmMG0FvLFVpLpEEvBaqPzK7f9FuD6s1t
ZcoWbNQ7JuBFxnaf8AxOz/qvwgs7RGoO9W4kcjZN3Chs1VKDPatchC2PO1ua5YHa
eX4mpBhpiqYONwrb6eGuSUbJSeJCKSoe3WMYZXPRNPLRktmvDRqR/7BSoYQt/2dj
dVN2+a/0NSw1qE0SdsMwOCK5y9CQ2NgmjqyQzRSrpONe1uwL+It+W6KNkc0fZpKB
0etoddlo6gWc+5lQYNkQoyW5mZhlLwNImxG+BC6z4pLA+4yrQVW3Zm0xqPAqo0ci
PIn/voBeWWzqjdj8ew9fJLewocwchXMYxu/ZWRMOeNE7AkxdutI4Cry4kaUKRgQ8
4EtW+cqjr7pqZ+5eTQY9kpAB9ddQGRcxet3cST2l/og3nxoj9hAn6zH6u8RW7NSD
OSzF18vDN/X45ECX3+/T6eAwW6ntmV/H+dcMVaZM1vw7UyMElCiQ4j8nKwZ7h9SB
DROSUaaspN7SvfXhZKnZ7Ly5qwYbUwN4KbCrf2PhkBgZq8bmtjUxVkRvxlOykm+5
JrwEG1QQ97kmzEiomrhRwP0Ftg9QUAmPrXRNJuibilsI1RG/2gc=
=8Kva
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ