Debian alert DLA-1076-1 (php5)
| From: | Lucas Kanashiro <kanashiro@debian.org> | |
| To: | debian-lts-announce@lists.debian.org | |
| Subject: | [SECURITY] [DLA 1076-1] php5 security update | |
| Date: | Wed, 30 Aug 2017 12:51:54 -0300 | |
| Message-ID: | <20170830155146.4bn55gp67vjzi2gs@riseup.net> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : php5 Version : 5.4.45-0+deb7u11 CVE ID : CVE-2017-12933 The finish_nested_data function in ext/standard/var_unserializer.re in PHP is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of PHP. For Debian 7 "Wheezy", these problems have been fixed in version 5.4.45-0+deb7u11. We recommend that you upgrade your php5 packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEjtbD+LrJ23/BMKhw+COicpiDyXwFAlmm3ucACgkQ+COicpiD yXxxAA/+N/tEpGzA7cf89Id0brrkNV0PT5whVC20F0k4ahpNE/+2Olv5DILpY3Tu t9hbQe81aPbRHO13SzU5LwUTd5wvH8H896/fOrzVvugpnNUpDmAAgIoWefmx9EPB km91JZTfw1+aejLfN6KtDk+ZGKI7ofhKQ2ktCdmRbp4KHiND3fFy5qxAvNFwChPl qaLBu1q/1zLnlrela7MeihimVzJCic2+imxMNB2p8JWchHDnGaDae0QUGoek4QG9 l5UFtRTki29jP+NNwe/uUTKdCWlBXD0Ma00OY3H3Ap0yUcZwKxWTGxzNZtDMvitV kfWUh/Ydb5eLPFcbQNAqplWvtBY4lazkgHbHtQMTRXqK/A21tnvxlZXxRJ2B8k21 JgwtpQ0/pjL6nSQ1e/a8M1Nu8mLllLtefhUIR8hUsSya11th4EOtJeFLd1AIkIPB EcEIuTeA/C1+eMfHet6xhdy1ExfI48Bg0l+bvtckF+jvcPnEANcJyrjqE4w3XBRF u7YJq8cy21WBGBdTIRpjiqMdBUF6JYXLHI5SOgnR/1tqzvUnVR2XLMCH55gKJAYk sC54rEtZypAZ6OnP45LkdF3QwLTs0137r6WgUOQiSDRYhw7yf5zq9eg9xSDNLcCf MoX3haz7eVTiA+w2lWIntlvmE5VaYdQNzkjyveXG40ARTHWDYq0= =xKov -----END PGP SIGNATURE-----