DebianDEBIAN:DSA-4240-1:6F850[SECURITY] [DSA 4240-1] php7.0 security update
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.025 Low
EPSS
Percentile
90.0%
Debian Security Advisory DSA-4240-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
July 05, 2018 https://www.debian.org/security/faq
Package : php7.0
CVE ID : CVE-2018-7584 CVE-2018-10545 CVE-2018-10546
CVE-2018-10547 CVE-2018-10548 CVE-2018-10549
Several vulnerabilities were found in PHP, a widely-used open source
general purpose scripting language:
CVE-2018-7584
Buffer underread in parsing HTTP responses
CVE-2018-10545
Dumpable FPM child processes allowed the bypass of opcache access
controls
CVE-2018-10546
Denial of service via infinite loop in convert.iconv stream filter
CVE-2018-10547
The fix for CVE-2018-5712 (shipped in DSA 4080) was incomplete
CVE-2018-10548
Denial of service via malformed LDAP server responses
CVE-2018-10549
Out-of-bounds read when parsing malformed JPEG files
For the stable distribution (stretch), these problems have been fixed in
version 7.0.30-0+deb9u1.
We recommend that you upgrade your php7.0 packages.
For the detailed security status of php7.0 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/php7.0
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: [email protected]
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 9 | i386 | libapache2-mod-php7.0-dbgsym | < 7.0.30-0+deb9u1 | libapache2-mod-php7.0-dbgsym_7.0.30-0+deb9u1_i386.deb |
| Debian | 9 | arm64 | php7.0-intl-dbgsym | < 7.0.30-0+deb9u1 | php7.0-intl-dbgsym_7.0.30-0+deb9u1_arm64.deb |
| Debian | 9 | i386 | php7.0-tidy | < 7.0.30-0+deb9u1 | php7.0-tidy_7.0.30-0+deb9u1_i386.deb |
| Debian | 9 | s390x | php7.0-cli-dbgsym | < 7.0.30-0+deb9u1 | php7.0-cli-dbgsym_7.0.30-0+deb9u1_s390x.deb |
| Debian | 9 | amd64 | php7.0-interbase | < 7.0.30-0+deb9u1 | php7.0-interbase_7.0.30-0+deb9u1_amd64.deb |
| Debian | 8 | i386 | php5-tidy | < 5.6.36+dfsg-0+deb8u1 | php5-tidy_5.6.36+dfsg-0+deb8u1_i386.deb |
| Debian | 9 | armhf | php7.0-snmp | < 7.0.30-0+deb9u1 | php7.0-snmp_7.0.30-0+deb9u1_armhf.deb |
| Debian | 9 | ppc64el | php7.0-phpdbg | < 7.0.30-0+deb9u1 | php7.0-phpdbg_7.0.30-0+deb9u1_ppc64el.deb |
| Debian | 9 | arm64 | php7.0-readline | < 7.0.30-0+deb9u1 | php7.0-readline_7.0.30-0+deb9u1_arm64.deb |
| Debian | 9 | amd64 | php7.0-snmp | < 7.0.30-0+deb9u1 | php7.0-snmp_7.0.30-0+deb9u1_amd64.deb |
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.025 Low
EPSS
Percentile
90.0%