[SECURITY] [DLA 1803-1] php5 security update

2019-05-2510:53:33

lists.debian.org

262

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.005 Low

EPSS

Percentile

77.1%

JSON

Package : php5
Version : 5.6.40+dfsg-0+deb8u3
CVE ID : CVE-2019-11034 CVE-2019-11035 CVE-2019-11036

A read past allocated buffer vulnerability and two heap-buffer overflow
vulnerabilites were discovered in the PHP5 programming language within
the Exif image module.

For Debian 8 "Jessie", these problems have been fixed in version
5.6.40+dfsg-0+deb8u3.

We recommend that you upgrade your php5 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian10ppc64elphp7.3-xmlrpc< 7.3.9-1~deb10u1php7.3-xmlrpc_7.3.9-1~deb10u1_ppc64el.deb
Debian10amd64php7.3-dba< 7.3.9-1~deb10u1php7.3-dba_7.3.9-1~deb10u1_amd64.deb
Debian10s390xphp7.3-gmp-dbgsym< 7.3.9-1~deb10u1php7.3-gmp-dbgsym_7.3.9-1~deb10u1_s390x.deb
Debian8amd64php5-tidy< 5.6.40+dfsg-0+deb8u3php5-tidy_5.6.40+dfsg-0+deb8u3_amd64.deb
Debian9mips64elphp7.0-gd< 7.0.33-0+deb9u5php7.0-gd_7.0.33-0+deb9u5_mips64el.deb
Debian9armelphp7.0-curl< 7.0.33-0+deb9u5php7.0-curl_7.0.33-0+deb9u5_armel.deb
Debian10mipselphp7.3-tidy-dbgsym< 7.3.9-1~deb10u1php7.3-tidy-dbgsym_7.3.9-1~deb10u1_mipsel.deb
Debian9s390xphp7.0-gmp< 7.0.33-0+deb9u5php7.0-gmp_7.0.33-0+deb9u5_s390x.deb
Debian8armelphp5-mysql< 5.6.40+dfsg-0+deb8u3php5-mysql_5.6.40+dfsg-0+deb8u3_armel.deb
Debian9mipselphp7.0-phpdbg-dbgsym< 7.0.33-0+deb9u5php7.0-phpdbg-dbgsym_7.0.33-0+deb9u5_mipsel.deb

OS	Version	Architecture	Package	Version	Filename
Debian	10	ppc64el	php7.3-xmlrpc	< 7.3.9-1~deb10u1	php7.3-xmlrpc_7.3.9-1~deb10u1_ppc64el.deb
Debian	10	amd64	php7.3-dba	< 7.3.9-1~deb10u1	php7.3-dba_7.3.9-1~deb10u1_amd64.deb
Debian	10	s390x	php7.3-gmp-dbgsym	< 7.3.9-1~deb10u1	php7.3-gmp-dbgsym_7.3.9-1~deb10u1_s390x.deb
Debian	8	amd64	php5-tidy	< 5.6.40+dfsg-0+deb8u3	php5-tidy_5.6.40+dfsg-0+deb8u3_amd64.deb
Debian	9	mips64el	php7.0-gd	< 7.0.33-0+deb9u5	php7.0-gd_7.0.33-0+deb9u5_mips64el.deb
Debian	9	armel	php7.0-curl	< 7.0.33-0+deb9u5	php7.0-curl_7.0.33-0+deb9u5_armel.deb
Debian	10	mipsel	php7.3-tidy-dbgsym	< 7.3.9-1~deb10u1	php7.3-tidy-dbgsym_7.3.9-1~deb10u1_mipsel.deb
Debian	9	s390x	php7.0-gmp	< 7.0.33-0+deb9u5	php7.0-gmp_7.0.33-0+deb9u5_s390x.deb
Debian	8	armel	php5-mysql	< 5.6.40+dfsg-0+deb8u3	php5-mysql_5.6.40+dfsg-0+deb8u3_armel.deb
Debian	9	mipsel	php7.0-phpdbg-dbgsym	< 7.0.33-0+deb9u5	php7.0-phpdbg-dbgsym_7.0.33-0+deb9u5_mipsel.deb