
Debian alert DLA-2188-1 (php5)

From:  Thorsten Alteholz <debian@alteholz.de>
To:  debian-lts-announce@lists.debian.org
Subject:  [SECURITY] [DLA 2188-1] php5 security update
Date:  Sun, 26 Apr 2020 16:08:10 +0200 (CEST)
Message-ID:  <alpine.DEB.2.20.2004261605550.16484@jupiter.server.alteholz.net>

Package        : php5
Version        : 5.6.40+dfsg-0+deb8u11
CVE ID         : CVE-2020-7064 CVE-2020-7066 CVE-2020-7067

Three issues have been found in php5, a server-side, HTML-embedded
scripting language.

CVE-2020-7064
    A one-byte out-of-bounds read, which could potentially lead to
    information disclosure or a crash.

CVE-2020-7066
    A URL containing a zero (\0) character will be truncated at it,
    which may cause some software to make incorrect assumptions and
    possibly send some information to a wrong server.

CVE-2020-7067
    Using a malformed URL-encoded string, an out-of-bounds read can
    occur.

For Debian 8 "Jessie", these problems have been fixed in version
5.6.40+dfsg-0+deb8u11.

We recommend that you upgrade your php5 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

