Bugtraq mailing list archives
[SECURITY] [DSA 2723-1] php5 security update
From: Florian Weimer <fw () deneb enyo de>
Date: Wed, 17 Jul 2013 22:20:01 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2723-1 security () debian org http://www.debian.org/security/ Florian Weiemr July 17, 2013 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : php5 Vulnerability : heap corruption Problem type : remote Debian-specific: no CVE ID : CVE-2013-4113 Debian Bug : 717139 It was discovered that PHP could perform an invalid free request when processing crafted XML documents, corrupting the heap and potentially leading to arbitrary code execution. Depending on the PHP application, this vulnerability could be exploited remotely. For the oldstable distribution (squeeze), this problem has been fixed in version 5.3.3-7+squeeze16. For the stable distribution (wheezy), this problem has been fixed in version 5.4.4-14+deb7u3. For the unstable distribution (sid), this problem has been fixed in version 5.5.0+dfsg-15. We recommend that you upgrade your php5 packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce () lists debian org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJR5v8bAAoJEL97/wQC1SS+tugH/iq1jPjE01sKby53F/RK2nPf /hZ5Rhy47mXD94DCGPSJFnVvh+HUyjTmRdqBzioql5Ds93uzrDAQqo/HPg/3qM3z 1aR2hsBrW+MFoQgOJ7l3vFNeJogJSZN04Z1nLZjyq1NGJKcM2GBmb2aIxJgJ9Y+6 sOexSQY9wdt7/tHr+xw2/RZHqz83BK1HXnRLWxkhHfQCIepzypxNeSHNMQ6fKKNa qmwk9ULsQlHxlbZ2HWs9K/5NKTOGKrnJBzFi251tMeFgJUo4CPmn4fpd3IjR1ofx IlzTbAE8dmbCv2xafm3jEQRB0EKyDPyOQigwcqfdKMxsUIIdGwP6jS0lHb2qmTc= =EbR5 -----END PGP SIGNATURE-----
Current thread:
- [SECURITY] [DSA 2723-1] php5 security update Florian Weimer (Jul 17)