[SECURITY] [DSA 2816-1] php5 security update

2013-12-1221:18:13

lists.debian.org

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.59 Medium

EPSS

Percentile

97.7%

JSON

Debian Security Advisory DSA-2816-1 [email protected]
http://www.debian.org/security/ Thijs Kinkhorst
December 12, 2013 http://www.debian.org/security/faq

Package : php5
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-6420 CVE-2013-6712
Debian Bug : 731112 731895

Several vulnerabilities were found in PHP, a general-purpose scripting
language commonly used for web application development. The Common
Vulnerabilities and Exposures project identifies the following issues:

CVE-2013-6420

Stefan Esser reported possible memory corruption in
openssl_x509_parse().

CVE-2013-6712

Creating DateInterval objects from parsed ISO dates was
not properly restricted, which allowed to cause a
denial of service.

In addition, the update for Debian 7 "Wheezy" contains several bugfixes
originally targeted for the upcoming Wheezy point release.

For the oldstable distribution (squeeze), these problems have been fixed in
version 5.3.3-7+squeeze18.

For the stable distribution (wheezy), these problems have been fixed in
version 5.4.4-14+deb7u7.

For the unstable distribution (sid), these problems have been fixed in
version 5.5.6+dfsg-2.

We recommend that you upgrade your php5 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian7armelphp5-mysqlnd< 5.4.4-14+deb7u7php5-mysqlnd_5.4.4-14+deb7u7_armel.deb
Debian6amd64php5-gmp< 5.3.3-7+squeeze18php5-gmp_5.3.3-7+squeeze18_amd64.deb
Debian6armelphp5-sqlite< 5.3.3-7+squeeze18php5-sqlite_5.3.3-7+squeeze18_armel.deb
Debian6mipselphp5-cgi< 5.3.3-7+squeeze18php5-cgi_5.3.3-7+squeeze18_mipsel.deb
Debian7i386php5-imap< 5.4.4-14+deb7u7php5-imap_5.4.4-14+deb7u7_i386.deb
Debian7armelphp5-odbc< 5.4.4-14+deb7u7php5-odbc_5.4.4-14+deb7u7_armel.deb
Debian7s390xphp5-dev< 5.4.4-14+deb7u7php5-dev_5.4.4-14+deb7u7_s390x.deb
Debian6mipselphp5-common< 5.3.3-7+squeeze18php5-common_5.3.3-7+squeeze18_mipsel.deb
Debian6i386php5-pspell< 5.3.3-7+squeeze18php5-pspell_5.3.3-7+squeeze18_i386.deb
Debian7ia64libapache2-mod-php5filter< 5.4.4-14+deb7u7libapache2-mod-php5filter_5.4.4-14+deb7u7_ia64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	7	armel	php5-mysqlnd	< 5.4.4-14+deb7u7	php5-mysqlnd_5.4.4-14+deb7u7_armel.deb
Debian	6	amd64	php5-gmp	< 5.3.3-7+squeeze18	php5-gmp_5.3.3-7+squeeze18_amd64.deb
Debian	6	armel	php5-sqlite	< 5.3.3-7+squeeze18	php5-sqlite_5.3.3-7+squeeze18_armel.deb
Debian	6	mipsel	php5-cgi	< 5.3.3-7+squeeze18	php5-cgi_5.3.3-7+squeeze18_mipsel.deb
Debian	7	i386	php5-imap	< 5.4.4-14+deb7u7	php5-imap_5.4.4-14+deb7u7_i386.deb
Debian	7	armel	php5-odbc	< 5.4.4-14+deb7u7	php5-odbc_5.4.4-14+deb7u7_armel.deb
Debian	7	s390x	php5-dev	< 5.4.4-14+deb7u7	php5-dev_5.4.4-14+deb7u7_s390x.deb
Debian	6	mipsel	php5-common	< 5.3.3-7+squeeze18	php5-common_5.3.3-7+squeeze18_mipsel.deb
Debian	6	i386	php5-pspell	< 5.3.3-7+squeeze18	php5-pspell_5.3.3-7+squeeze18_i386.deb
Debian	7	ia64	libapache2-mod-php5filter	< 5.4.4-14+deb7u7	libapache2-mod-php5filter_5.4.4-14+deb7u7_ia64.deb