PHP5 Security Update for Debian 7 LTS
Posted on: 01/21/2018 02:10 PM

Updated PHP5 5.4 packages has been released for Debian GNU/Linux 7 LTS

PHP5 Security Update for Debian 7 LTS

Package : php5
Version : 5.4.45-0+deb7u12
CVE ID : CVE-2018-5712

It was discovered that PHP5 was vulnerable to a reflected cross-site
scripting (XSS) attack on the PHAR 404 error page by manipulating the
URI of a request for a .phar file. This issue is only exploitable if
the web server is configured to handle phar files using PHP5.

For Debian 7 "Wheezy", these problems have been fixed in version

We recommend that you upgrade your php5 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at:

Printed from Linux Compatible (