5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.59 Medium
EPSS
Percentile
97.7%
Debian Security Advisory DSA-2816-1 [email protected]
http://www.debian.org/security/ Thijs Kinkhorst
December 12, 2013 http://www.debian.org/security/faq
Package : php5
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-6420 CVE-2013-6712
Debian Bug : 731112 731895
Several vulnerabilities were found in PHP, a general-purpose scripting
language commonly used for web application development. The Common
Vulnerabilities and Exposures project identifies the following issues:
CVE-2013-6420
Stefan Esser reported possible memory corruption in
openssl_x509_parse().
CVE-2013-6712
Creating DateInterval objects from parsed ISO dates was
not properly restricted, which allowed to cause a
denial of service.
In addition, the update for Debian 7 "Wheezy" contains several bugfixes
originally targeted for the upcoming Wheezy point release.
For the oldstable distribution (squeeze), these problems have been fixed in
version 5.3.3-7+squeeze18.
For the stable distribution (wheezy), these problems have been fixed in
version 5.4.4-14+deb7u7.
For the unstable distribution (sid), these problems have been fixed in
version 5.5.6+dfsg-2.
We recommend that you upgrade your php5 packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: [email protected]
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 7 | armel | php5-mysqlnd | < 5.4.4-14+deb7u7 | php5-mysqlnd_5.4.4-14+deb7u7_armel.deb |
Debian | 6 | amd64 | php5-gmp | < 5.3.3-7+squeeze18 | php5-gmp_5.3.3-7+squeeze18_amd64.deb |
Debian | 6 | armel | php5-sqlite | < 5.3.3-7+squeeze18 | php5-sqlite_5.3.3-7+squeeze18_armel.deb |
Debian | 6 | mipsel | php5-cgi | < 5.3.3-7+squeeze18 | php5-cgi_5.3.3-7+squeeze18_mipsel.deb |
Debian | 7 | i386 | php5-imap | < 5.4.4-14+deb7u7 | php5-imap_5.4.4-14+deb7u7_i386.deb |
Debian | 7 | armel | php5-odbc | < 5.4.4-14+deb7u7 | php5-odbc_5.4.4-14+deb7u7_armel.deb |
Debian | 7 | s390x | php5-dev | < 5.4.4-14+deb7u7 | php5-dev_5.4.4-14+deb7u7_s390x.deb |
Debian | 6 | mipsel | php5-common | < 5.3.3-7+squeeze18 | php5-common_5.3.3-7+squeeze18_mipsel.deb |
Debian | 6 | i386 | php5-pspell | < 5.3.3-7+squeeze18 | php5-pspell_5.3.3-7+squeeze18_i386.deb |
Debian | 7 | ia64 | libapache2-mod-php5filter | < 5.4.4-14+deb7u7 | libapache2-mod-php5filter_5.4.4-14+deb7u7_ia64.deb |