A php5 security update has been released for Debian GNU/Linux 7 Extended LTS. Several security bugs have been identified and fixed in php5, a server-side, HTML-embedded scripting language. The affected components include the exif module and handling of filenames with \0 embedded.

ELA-204-1 php5 security update

Package php5

Version 5.4.45-0+deb7u26

Related CVE CVE-2019-11045 CVE-2019-11046 CVE-2019-11047 CVE-2019-11050


Several security bugs have been identified and fixed in php5, a server-side, HTML-embedded scripting language. The affected components include the exif module and handling of filenames with \0 embedded.



For Debian 7 Wheezy, these problems have been fixed in version 5.4.45-0+deb7u26.



We recommend that you upgrade your php5 packages.



Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/