[SECURITY] [DSA 2262-2] php5 update

2011-07-0120:00:32

lists.debian.org

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.066 Low

EPSS

Percentile

93.7%

JSON

Debian Security Advisory DSA-2266-2 [email protected]
http://www.debian.org/security/ Moritz Muehlenhoff
July 01, 2011 http://www.debian.org/security/faq

Package : php5
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2010-2531 CVE-2011-0420 CVE-2011-0421 CVE-2011-0708
CVE-2011-1153 CVE-2011-1466 CVE-2011-1471 CVE-2011-2202

The update for CVE-2010-2531 for the old stabledistribution (lenny)
introduced a regression, which lead to additional output being written
to stdout.

For the oldstable distribution (lenny), this problem has been fixed in
version 5.2.6.dfsg.1-1+lenny13.

We recommend that you upgrade your php5 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian5armphp5-mcrypt< 5.2.6.dfsg.1-1+lenny12php5-mcrypt_5.2.6.dfsg.1-1+lenny12_arm.deb
Debian5mipselphp5-gd< 5.2.6.dfsg.1-1+lenny12php5-gd_5.2.6.dfsg.1-1+lenny12_mipsel.deb
Debian6i386php5-cli< 5.3.3-7+squeeze3php5-cli_5.3.3-7+squeeze3_i386.deb
Debian6mipsphp5-xmlrpc< 5.3.3-7+squeeze3php5-xmlrpc_5.3.3-7+squeeze3_mips.deb
Debian6amd64php5-intl< 5.3.3-7+squeeze3php5-intl_5.3.3-7+squeeze3_amd64.deb
Debian6sparcphp5-xmlrpc< 5.3.3-7+squeeze3php5-xmlrpc_5.3.3-7+squeeze3_sparc.deb
Debian6i386php5-common< 5.3.3-7+squeeze3php5-common_5.3.3-7+squeeze3_i386.deb
Debian6sparcphp5-imap< 5.3.3-7+squeeze3php5-imap_5.3.3-7+squeeze3_sparc.deb
Debian5amd64php5-recode< 5.2.6.dfsg.1-1+lenny12php5-recode_5.2.6.dfsg.1-1+lenny12_amd64.deb
Debian5armelphp5-snmp< 5.2.6.dfsg.1-1+lenny12php5-snmp_5.2.6.dfsg.1-1+lenny12_armel.deb

OS	Version	Architecture	Package	Version	Filename
Debian	5	arm	php5-mcrypt	< 5.2.6.dfsg.1-1+lenny12	php5-mcrypt_5.2.6.dfsg.1-1+lenny12_arm.deb
Debian	5	mipsel	php5-gd	< 5.2.6.dfsg.1-1+lenny12	php5-gd_5.2.6.dfsg.1-1+lenny12_mipsel.deb
Debian	6	i386	php5-cli	< 5.3.3-7+squeeze3	php5-cli_5.3.3-7+squeeze3_i386.deb
Debian	6	mips	php5-xmlrpc	< 5.3.3-7+squeeze3	php5-xmlrpc_5.3.3-7+squeeze3_mips.deb
Debian	6	amd64	php5-intl	< 5.3.3-7+squeeze3	php5-intl_5.3.3-7+squeeze3_amd64.deb
Debian	6	sparc	php5-xmlrpc	< 5.3.3-7+squeeze3	php5-xmlrpc_5.3.3-7+squeeze3_sparc.deb
Debian	6	i386	php5-common	< 5.3.3-7+squeeze3	php5-common_5.3.3-7+squeeze3_i386.deb
Debian	6	sparc	php5-imap	< 5.3.3-7+squeeze3	php5-imap_5.3.3-7+squeeze3_sparc.deb
Debian	5	amd64	php5-recode	< 5.2.6.dfsg.1-1+lenny12	php5-recode_5.2.6.dfsg.1-1+lenny12_amd64.deb
Debian	5	armel	php5-snmp	< 5.2.6.dfsg.1-1+lenny12	php5-snmp_5.2.6.dfsg.1-1+lenny12_armel.deb