Debian Security Advisory
DSA-4080-1 php7.0 -- security update
- Date Reported:
- 08 Jan 2018
- Affected Packages:
- php7.0
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2017-11144, CVE-2017-11145, CVE-2017-11628, CVE-2017-12932, CVE-2017-12933, CVE-2017-12934, CVE-2017-16642.
- More information:
-
Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language:
- CVE-2017-11144
Denial of service in openssl extension due to incorrect return value check of OpenSSL sealing function
- CVE-2017-11145
Out-of-bounds read in wddx_deserialize()
- CVE-2017-11628
Buffer overflow in PHP INI parsing API
- CVE-2017-12932 /
CVE-2017-12934
Use-after-frees during unserialisation
- CVE-2017-12933
Buffer overread in finish_nested_data()
- CVE-2017-16642
Out-of-bounds read in timelib_meridian()
For the stable distribution (stretch), these problems have been fixed in version 7.0.27-0+deb9u1.
We recommend that you upgrade your php7.0 packages.
For the detailed security status of php7.0 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/php7.0
- CVE-2017-11144