lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 26 Jul 2016 22:46:29 +0200
From: Moritz Muehlenhoff <jmm@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 3631-1] php5 security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3631-1                   security@...ian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
July 26, 2016                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : php5
CVE ID         : CVE-2016-5385 CVE-2016-5399 CVE-2016-6289 CVE-2016-6290 
                 CVE-2016-6291 CVE-2016-6292 CVE-2016-6294 CVE-2016-6295
                 CVE-2016-6296 CVE-2016-6297

Several vulnerabilities were found in PHP, a general-purpose scripting
language commonly used for web application development.

The vulnerabilities are addressed by upgrading PHP to the new upstream
version 5.6.24, which includes additional bug fixes. Please refer to the
upstream changelog for more information:

https://php.net/ChangeLog-5.php#5.6.24

For the stable distribution (jessie), these problems have been fixed in
version 5.6.24+dfsg-0+deb8u1.

For the unstable distribution (sid), these problems have been fixed in
version 7.0.9-1 of the php7.0 source package.

We recommend that you upgrade your php5 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJXl8vVAAoJEBDCk7bDfE423hAQAIPEiALq8HQACO7oVQWG1X14
T5M+RjjR/EYHqN0VLZ6JprRZDmN4noANfvWX2onKzF/KhA+1cKBvWrUz+X9623kb
6T5Cd2tsLJI9Cke83UcDJlD3wbPTW//9TRVLdPU1FI5LgJ4FU1pdxQ6KTMlcjiZ8
xAPCjwae8MOT+p4ajxjRS5DWM+oqEXi9oOIE4Ru+zUFY2y2zmV1u5rgSRRJbbeCv
RUsPj6XGWHkEc36eoOLH3AC0ZKBfW6eQAC5NTUyMxFCYghD94QCHIGGNzeRrvnfX
fvejjNAvgXcSle4xs2D4ltFUpF0uDWqrqflJKO7IvnNXB1uBgrCVcXsK+laz9dIX
hYEy/HX/+lAcjPFSlZGj1LMKKHjVAvNJpjMGcC7hizOPVSOT/r0BvBhdID4sV26S
WtkE60R6NcSwe589N+aIBLSPeR1YMs5wVi+Ez4iUR5VPOkqxOio412I5s1GiGeAg
RJbZVHgxMPpsRpWhrXho+ZdDNI4Nd865MdQn8yIbCK4FmjsnN/gz5urWyLQcsSTT
8xnq3yaWK3dbfzWC6ZcvAdTBrDVXHTUeFU7XFMylMiCUGBHw7cgznJ47amWDmnnc
Y2usZhlKV/c7rBDgYYH0dQfAIm93SSi5236wpWNA9utxbks0Lg0Uh2HpJ0zAZv1V
LaE1mifVk8/cCxLvmcXn
=7J9V
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ