php5 security update

2014-06-27T11:30:03
ID DEBIAN:15E18346F4EC1799981CDE552EAD4BA6:72349
Type debian
Reporter Debian
Modified 2014-06-27T11:30:03

Description

Package : php5 Version : 5.3.3-7+squeeze20 CVE ID : CVE-2014-4049

It was discovered that PHP, a general-purpose scripting language commonly used for web application development, is vulnerable to a heap-based buffer overflow in the DNS TXT record parsing. A malicious server or man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application uses dns_get_record() to perform a DNS query.