[SECURITY] [DSA 2262-2] php5 update

2011-07-0120:00:32

lists.debian.org

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

9.7

Confidence

High

EPSS

0.082

Percentile

94.4%

JSON

Debian Security Advisory DSA-2266-2 [email protected]
http://www.debian.org/security/ Moritz Muehlenhoff
July 01, 2011 http://www.debian.org/security/faq

Package : php5
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2010-2531 CVE-2011-0420 CVE-2011-0421 CVE-2011-0708
CVE-2011-1153 CVE-2011-1466 CVE-2011-1471 CVE-2011-2202

The update for CVE-2010-2531 for the old stabledistribution (lenny)
introduced a regression, which lead to additional output being written
to stdout.

For the oldstable distribution (lenny), this problem has been fixed in
version 5.2.6.dfsg.1-1+lenny13.

We recommend that you upgrade your php5 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian6s390php5-gd< 5.3.3-7+squeeze3php5-gd_5.3.3-7+squeeze3_s390.deb
Debian5hppaphp5-mcrypt< 5.2.6.dfsg.1-1+lenny12php5-mcrypt_5.2.6.dfsg.1-1+lenny12_hppa.deb
Debian5hppaphp5-common< 5.2.6.dfsg.1-1+lenny12php5-common_5.2.6.dfsg.1-1+lenny12_hppa.deb
Debian6powerpcphp5-cli< 5.3.3-7+squeeze3php5-cli_5.3.3-7+squeeze3_powerpc.deb
Debian6i386php5-odbc< 5.3.3-7+squeeze3php5-odbc_5.3.3-7+squeeze3_i386.deb
Debian5mipsphp5-odbc< 5.2.6.dfsg.1-1+lenny12php5-odbc_5.2.6.dfsg.1-1+lenny12_mips.deb
Debian6kfreebsd-amd64php5-xmlrpc< 5.3.3-7+squeeze3php5-xmlrpc_5.3.3-7+squeeze3_kfreebsd-amd64.deb
Debian6sparcphp5-ldap< 5.3.3-7+squeeze3php5-ldap_5.3.3-7+squeeze3_sparc.deb
Debian6kfreebsd-amd64php5-curl< 5.3.3-7+squeeze3php5-curl_5.3.3-7+squeeze3_kfreebsd-amd64.deb
Debian5s390php5-gmp< 5.2.6.dfsg.1-1+lenny12php5-gmp_5.2.6.dfsg.1-1+lenny12_s390.deb

OS	Version	Architecture	Package	Version	Filename
Debian	6	s390	php5-gd	< 5.3.3-7+squeeze3	php5-gd_5.3.3-7+squeeze3_s390.deb
Debian	5	hppa	php5-mcrypt	< 5.2.6.dfsg.1-1+lenny12	php5-mcrypt_5.2.6.dfsg.1-1+lenny12_hppa.deb
Debian	5	hppa	php5-common	< 5.2.6.dfsg.1-1+lenny12	php5-common_5.2.6.dfsg.1-1+lenny12_hppa.deb
Debian	6	powerpc	php5-cli	< 5.3.3-7+squeeze3	php5-cli_5.3.3-7+squeeze3_powerpc.deb
Debian	6	i386	php5-odbc	< 5.3.3-7+squeeze3	php5-odbc_5.3.3-7+squeeze3_i386.deb
Debian	5	mips	php5-odbc	< 5.2.6.dfsg.1-1+lenny12	php5-odbc_5.2.6.dfsg.1-1+lenny12_mips.deb
Debian	6	kfreebsd-amd64	php5-xmlrpc	< 5.3.3-7+squeeze3	php5-xmlrpc_5.3.3-7+squeeze3_kfreebsd-amd64.deb
Debian	6	sparc	php5-ldap	< 5.3.3-7+squeeze3	php5-ldap_5.3.3-7+squeeze3_sparc.deb
Debian	6	kfreebsd-amd64	php5-curl	< 5.3.3-7+squeeze3	php5-curl_5.3.3-7+squeeze3_kfreebsd-amd64.deb
Debian	5	s390	php5-gmp	< 5.2.6.dfsg.1-1+lenny12	php5-gmp_5.2.6.dfsg.1-1+lenny12_s390.deb