You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa php7.0

Sigurnosni nedostaci programskog paketa php7.0

by Vlatka Mišić - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LDE

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512

– ————————————————————————-
Debian Security Advisory DSA-4240-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
July 05, 2018 https://www.debian.org/security/faq
– ————————————————————————-

Package : php7.0
CVE ID : CVE-2018-7584 CVE-2018-10545 CVE-2018-10546
CVE-2018-10547 CVE-2018-10548 CVE-2018-10549

Several vulnerabilities were found in PHP, a widely-used open source
general purpose scripting language:

CVE-2018-7584

Buffer underread in parsing HTTP responses

CVE-2018-10545

Dumpable FPM child processes allowed the bypass of opcache access
controls

CVE-2018-10546

Denial of service via infinite loop in convert.iconv stream filter

CVE-2018-10547

The fix for CVE-2018-5712 (shipped in DSA 4080) was incomplete

CVE-2018-10548

Denial of service via malformed LDAP server responses

CVE-2018-10549

Out-of-bounds read when parsing malformed JPEG files

For the stable distribution (stretch), these problems have been fixed in
version 7.0.30-0+deb9u1.

We recommend that you upgrade your php7.0 packages.

For the detailed security status of php7.0 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/php7.0

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAls+gHsACgkQEMKTtsN8
TjZQ9g/+OI9kfKCZx/vFJ+dBmP3TGdvFTg81BQo5qNcF7GabJgGPLJ7q7q/Lo8oh
HBIrudLIDXjRI2SyB0F7gkUld2uCzokxRmMG0FvLFVpLpEEvBaqPzK7f9FuD6s1t
ZcoWbNQ7JuBFxnaf8AxOz/qvwgs7RGoO9W4kcjZN3Chs1VKDPatchC2PO1ua5YHa
eX4mpBhpiqYONwrb6eGuSUbJSeJCKSoe3WMYZXPRNPLRktmvDRqR/7BSoYQt/2dj
dVN2+a/0NSw1qE0SdsMwOCK5y9CQ2NgmjqyQzRSrpONe1uwL+It+W6KNkc0fZpKB
0etoddlo6gWc+5lQYNkQoyW5mZhlLwNImxG+BC6z4pLA+4yrQVW3Zm0xqPAqo0ci
PIn/voBeWWzqjdj8ew9fJLewocwchXMYxu/ZWRMOeNE7AkxdutI4Cry4kaUKRgQ8
4EtW+cqjr7pqZ+5eTQY9kpAB9ddQGRcxet3cST2l/og3nxoj9hAn6zH6u8RW7NSD
OSzF18vDN/X45ECX3+/T6eAwW6ntmV/H+dcMVaZM1vw7UyMElCiQ4j8nKwZ7h9SB
DROSUaaspN7SvfXhZKnZ7Ly5qwYbUwN4KbCrf2PhkBgZq8bmtjUxVkRvxlOykm+5
JrwEG1QQ97kmzEiomrhRwP0Ftg9QUAmPrXRNJuibilsI1RG/2gc=
=8Kva
—–END PGP SIGNATURE—–

AutorVlatka Misic
Cert idNCERT-REF-2018-07-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Vlatka Mišić
Top
More in Preporuke
Sigurnosni nedostatak programskog paketa devscripts

Otkriven je sigurnosni nedostatak u programskom paketu devscripts za operacijski sustav Ubuntu. Otkriveni nedostatak potencijalnim napadačima omogućuje izvršavanje proizvoljnog programskog...

Close