Debian Security Advisory 3195-1

Debian Security Advisory 3195-1: Posted Mar 19, 2015; Authored by Debian | Site debian.org; Debian Linux Security Advisory 3195-1 - Multiple vulnerabilities have been discovered in the PHP language.; tags | advisory, php, vulnerability; systems | linux, debian; advisories | CVE-2014-9705, CVE-2015-0231, CVE-2015-0232, CVE-2015-0273, CVE-2015-2305; SHA-256 | cdc2de2a28ef492aa693f78551e5dffaa0a184f87b36f4a424a161f2adfc8add; Download | Favorite | View

Debian Security Advisory 3195-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3195-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
March 18, 2015                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : php5
CVE ID         : CVE-2014-9705 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273 
                 CVE-2015-2305

Multiple vulnerabilities have been discovered in the PHP language:

CVE-2015-2305

   Guido Vranken discovered a heap overflow in the ereg extension
   (only applicable to 32 bit systems).

CVE-2014-9705

   Buffer overflow in the enchant extension.

CVE-2015-0231

   Stefan Esser discovered a use-after-free in the unserialisation
   of objects.

CVE-2015-0232

   Alex Eubanks discovered incorrect memory management in the exif
   extension.

CVE-2015-0273

   Use-after-free in the unserialisation of DateTimeZone.

For the stable distribution (wheezy), these problems have been fixed in
version 5.4.38-0+deb7u1.

For the upcoming stable distribution (jessie), these problems have been
fixed in version 5.6.6+dfsg-2.

For the unstable distribution (sid), these problems have been fixed in
version 5.6.6+dfsg-2.

We recommend that you upgrade your php5 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJVCWe4AAoJEBDCk7bDfE4249UP/jlinAvm/+JfHoVuW/t/ymdX
uh0E6W+arGNh3To1qZk/LtijFjoWgw/GUIcWbwx6JASZPrufHKARyg+PuQkv6K4c
s13O+929CD2/j0QD4qZpi+fUJl2mSZW4SSmlc7ZO8XKUf6648SJZQKnE50HyEhkI
/EM57Z920B+8LB01BQf5glWpZaJb730OyVgB3kzga17A7ew+Rn1vXSRSdxrPHz7t
rthR0alQ0MD+VpxvUIBtHUSIDNWr0YZkul7pf5T7U6LXaZKv4SEGmg0wkAu4CxBi
ugnBpma6Y5DsNB3qsaeelxH9bRZ9yuL5R7ocTZCq7jseOCwVz8jXkvWwFUZQUB/g
dBGZF17qhlEOV3RZ5G0VA0sO87rv9TNtFKV7BXT10ktjMMbBeyK8Abf4Gxuv4NyJ
tSaf3+y7ZMgC2/D/IghDZlWLKsTPWEitPnFY3IMVGI34RJIK58Y6kRF1gp95kGpz
Yu6TSkO+rJpvKwGCaJMVJ+BlR4beeptRWCIGyDK77FC4L5AYroB0iBKE+KscesHn
OFtBLbNTNZ0LhAKmUL62AptY76LB5MxPPpUPC1VcMPZNPt7YFm8QOz/3tvikf3GT
pq+DzelS3xSzZ3hDWq8ZVGy2jdS4kpuQ/8YXKJ+G82GDHnHf1uLCcbtuHIfp32b0
+3iVdyFOEiUQFzsBBbi0
=HSFm
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 64 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Debian Security Advisory 3195-1

Debian Security Advisory 3195-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 3195-1

Share This

Debian Security Advisory 3195-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems