-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4080-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff January 08, 2018 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : php7.0 CVE ID : CVE-2017-11144 CVE-2017-11145 CVE-2017-11628 CVE-2017-12932 CVE-2017-12933 CVE-2017-12934 CVE-2017-16642 Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language: CVE-2017-11144 Denial of service in openssl extension due to incorrect return value check of OpenSSL sealing function CVE-2017-11145 Out-of-bounds read in wddx_deserialize() CVE-2017-11628 Buffer overflow in PHP INI parsing API CVE-2017-12932 / CVE-2017-12934 Use-after-frees during unserialisation CVE-2017-12933 Buffer overread in finish_nested_data() CVE-2017-16642 Out-of-bounds read in timelib_meridian() For the stable distribution (stretch), these problems have been fixed in version 7.0.27-0+deb9u1. We recommend that you upgrade your php7.0 packages. For the detailed security status of php7.0 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/php7.0 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlpT7hUACgkQEMKTtsN8 TjZWCRAAg8ilmfTDQOwCCwXF2nwOk9Ev6G7hZkHzrAO3w9b7E9ygSjUCEIh+7Jqh zJ4AcZuAH/fzGcr84mMboeAL6decXXM5g4Pi0jWuTBXHJCaW3rfgh0RZdJIacz3V p7niE81skjOZQJsIsrthHtYBB5jhi4jJmLrxowEOcFyNYfkEPjJ3GsHaRMJy8kdZ 3idASsC3gisnBhSiCGZdFV6JzNOrErMJ5XPSzN7BNsiSny7TrwyGQCFsxP92Bq7F 7Wc+L9YZnJeaiNkpHK4ur9nbL4Jr8irtMYSERXoZwKX2eYaRK37gR6sjUfdCWssT tASVTWlVvClGwp0cqkV2C5hcFeVKC1bASxCqROPWPFZ6+pl4ai8KOli6fyA18f0L kskALnZSsB+XZbxzXrN/FKRfsUJIARwebrMMcTQxvlaFsnUxf73jz0sQ/WYrzIeV PXICiTwg6L2kiGyFdgOardcEMzl/50V64/vAtsHlAladzLQN00dDYrkUqjhI3ZEq 2nA2GnBoLC/8OJSU+CRSvNOfSW2UoxEr2GBvh5xtlyCEeeo3ytgOZrtyNE9AGwgq MDkK9EXEXuMtb7mFcf4uRVPam+4kUESKH3aD1L9ObTlfweMKp7iJeWBuMsmgulOT NKWKPVmXkEgh/tRTtqjMEF7LIvXWe3qZAo2HVUBPOFTFijTn4cw= =xo2P -----END PGP SIGNATURE-----