Debian Security Advisory 2639-1

Debian Security Advisory 2639-1: Posted Mar 6, 2013; Authored by Debian | Site debian.org; Debian Linux Security Advisory 2639-1 - Several vulnerabilities have been discovered in PHP, the web scripting language.; tags | advisory, web, php, vulnerability; systems | linux, debian; advisories | CVE-2013-1635, CVE-2013-1643; SHA-256 | 44e04eb86ca8316cfdb9a7e5bc5e0f9dbeeeb5318bc9c3ba26ffbcb190be3442; Download | Favorite | View

Debian Security Advisory 2639-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2639-1                   security@debian.org
http://www.debian.org/security/                           Thijs Kinkhorst
March 05, 2013                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : php5
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-1635 CVE-2013-1643
Debian Bug     : 702221

Several vulnerabilities have been discovered in PHP, the web scripting
language. The Common Vulnerabilities and Exposures project identifies
the following issues:

CVE-2013-1635

    If a PHP application accepted untrusted SOAP object input remotely
    from clients, an attacker could read system files readable for the
    webserver.

CVE-2013-1643

    The soap.wsdl_cache_dir function did not take PHP open_basedir
    restrictions into account. Note that Debian advises against relying
    on open_basedir restrictions for security.

For the stable distribution (squeeze), these problems have been fixed in
version 5.3.3-7+squeeze15.

For the testing distribution (wheezy), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in
version 5.4.4-14.

We recommend that you upgrade your php5 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJRNim2AAoJEFb2GnlAHawEhPIH/ifHNPRqASWJE6tkbHGmJ7ct
9ZU7pc4Jw5u7qy29a1w1KlrP5PYDIyKhigdUe+/X10TVejaifRBTLJBPNFUD6NNr
pDexRqBEftEYO7G0HXptPcmQT+Rhi1FzZEkVrRHU21giPgwckeJM/PRhOE7tt58J
lFqFYN9IBLUIhyetj6ZxuwU/0qeDOxbH64BKi5lXWfPvNT2a98WIFzRJex8rNs1U
KX4ZHBeV3S7ADFGQAgwv2DWWpmFfubhcOoabhrP6uSSV4FygV9W86buZUtZEzIGg
x7VtXIbkMbgNeJNHu/NTwLet6UVrb/piyKEKcAOgM9R9SP8hpHm+RdjkOVHRcKY=
=nUKg
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 267 files
indoushka 178 files
Jay Turla 150 files
Ubuntu 74 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Gentoo 24 files
Karn Ganeshen 23 files

File Archives

Systems

AIX (430)
Apple (2,115)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,125)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,591)
HPUX (881)
iOS (390)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,312)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (16,885)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,861)
UNIX (9,458)
UnixWare (188)
Windows (6,772)
Other

Debian Security Advisory 2639-1

Debian Security Advisory 2639-1

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 2639-1

Share This

Debian Security Advisory 2639-1

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems