PHP5 and Curl Updates for Debian
Posted on: 05/26/2019 06:57 AM

The following updates have been released for Debian GNU/Linux:

Debian GNU/Linux 7 Extended LTS:
ELA-120-1 php5 security update

Debian GNU/Linux 8 LTS:
DLA 1803-1: php5 security update
DLA 1804-1: curl security update

ELA-120-1 php5 security update
Package: php5
Version: 5.4.45-0+deb7u22
Related CVE: CVE-2019-11036
A read past allocated buffer vulnerability was discovered in the PHP5 programming language within the Exif image module.

For Debian 7 Wheezy, these problems have been fixed in version 5.4.45-0+deb7u22.

We recommend that you upgrade your php5 packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/


DLA 1803-1: php5 security update



Package : php5
Version : 5.6.40+dfsg-0+deb8u3
CVE ID : CVE-2019-11034 CVE-2019-11035 CVE-2019-11036


A read past allocated buffer vulnerability and two heap-buffer overflow
vulnerabilities were discovered in the PHP5 programming language within
the Exif image module.


For Debian 8 "Jessie", these problems have been fixed in version
5.6.40+dfsg-0+deb8u3.

We recommend that you upgrade your php5 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS




DLA 1804-1: curl security update



Package : curl
Version : 7.38.0-4+deb8u15
CVE ID : CVE-2019-5436
Debian Bug : 929351

cURL, an URL transfer library, contains a heap buffer overflow in the
function tftp_receive_packet() that receives data from a TFTP server.
It calls recvfrom() with the default size for the buffer rather than
with the size that was used to allocate it. Thus, the content that
might overwrite the heap memory is entirely controlled by the server.

For Debian 8 "Jessie", this problem has been fixed in version
7.38.0-4+deb8u15.

We recommend that you upgrade your curl packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
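
The length mismatch described in DLA 1804-1, shown as an added example (not curl's code and not part of the advisory): it computes how far a default-sized receive would run past a smaller allocation, then receives with the allocated size instead. The struct and function names are hypothetical; the 512-byte default block and 4-byte header are TFTP's values from RFC 1350, and the 516-byte datagram is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

#define TFTP_DEFAULT_BLKSIZE 512 /* RFC 1350 default data block size */
#define TFTP_HDR 4               /* opcode + block number */
/* Hypothetical receiver state for this example; not curl's own struct. */
struct rx_state {
    int fd;
    size_t alloc_len;   /* bytes actually allocated for buf */
    unsigned char *buf;
};
/* Flawed pattern: receive length taken from the protocol default. */
static size_t recv_len_default(void) { return TFTP_DEFAULT_BLKSIZE + TFTP_HDR; }
/* Bytes past the allocation that the flawed length would let a peer fill. */
static size_t overrun_for_blksize(size_t blksize) {
    size_t alloc_len = blksize + TFTP_HDR;
    return recv_len_default() > alloc_len ? recv_len_default() - alloc_len : 0;
}

/* Corrected pattern: receive length is the size used for the allocation. */
static ssize_t rx_packet(struct rx_state *s) {
    return recvfrom(s->fd, s->buf, s->alloc_len, 0, NULL, NULL);
}

/* Constructed scenario: peer sends 516 bytes; returns bytes stored or -1. */
static ssize_t stored_bytes(size_t blksize) {
    int sv[2];
    unsigned char pkt[TFTP_DEFAULT_BLKSIZE + TFTP_HDR];
    struct rx_state s = { -1, blksize + TFTP_HDR, NULL };
    ssize_t n = -1;
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) != 0) return -1;
    memset(pkt, 'A', sizeof pkt);
    s.fd = sv[0];
    s.buf = malloc(s.alloc_len);
    if (s.buf && send(sv[1], pkt, sizeof pkt, 0) == (ssize_t)sizeof pkt)
        n = rx_packet(&s);   /* excess datagram bytes are discarded */
    free(s.buf);
    close(sv[0]); close(sv[1]);
    return n;
}

int main(void) {
    printf("overrun=%zu stored=%zd\n", overrun_for_blksize(8), stored_bytes(8));
    return 0;
}
```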





Printed from Linux Compatible (https://www.linuxcompatible.org/news/story/php5_and_curl_updates_for_debian.html)