[Technik] [SECURITY] [DSA 1572-1] New php5 packages fix several vulnerabilities
Noèl Köthe
noel at debian.org
Tue May 13 15:37:20 CEST 2008
Am Sonntag, den 11.05.2008, 17:15 +0200 schrieb Thijs Kinkhorst:
> Debian Security Advisory DSA-1572-1 security at debian.org
> http://www.debian.org/security/ Thijs Kinkhorst
> May 11, 2008 http://www.debian.org/security/faq
>
> Package : php5
> Vulnerability : several
> Problem type : local/remote
> Debian-specific: no
> CVE Id(s) : CVE-2007-3806 CVE-2008-1384 CVE-2008-2050 CVE-2008-2051
> Debian Bug : 479723
php5 auf h01, h02, h03, h04, h51 und h52 aktualisiert.
> For the stable distribution (etch), these problems have been fixed in
> version 5.2.0-8+etch11.
changelog:
php5 (5.2.0-8+etch11) stable-security; urgency=high
* Upload to etch for security issues.
* The following security issues are addressed with this update:
- CVE-2007-3806: glob denial of service
- CVE-2008-1384: integer overflow in printf()
- CVE-2008-2050: possible stack buffer overflow in the FastCGI SAPI
- CVE-2008-2051: incomplete multibyte chars inside escapeshellcmd()
closes: #479723
-- sean finney <seanius at debian.org> Thu, 21 Feb 2008 07:09:01 +0100
php5 (5.2.0-8+etch11~p1) stable; urgency=high
* zend_parse_parameters does not handle size_t's, causing issues with
043-recode_size_t.patch and segmentation faults for recode-using pages.
changed problematic parameters back to "int" and added an overflow check.
thanks to Thomas Stegbauer, Tim Dijkstra, Bart Cortooms, Sebastian Göbel,
and Vincent Tondellier for their reports. closes: #459020.
-- Sean Finney <seanius at debian.org> Thu, 21 Feb 2008 06:46:02 +0100
--
Noèl Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : /archiv/technik/attachments/20080513/d335bc86/attachment.pgp
More information about the Technik
mailing list