-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.1986
                     [DLA 1813-1] php5 security update
                                4 June 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           php5
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
                   UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-11040 CVE-2019-11039

Original Bulletin:
   https://lists.debian.org/debian-lts-announce/2019/05/msg00047.html

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Debian. It is recommended that administrators
         running php5 check for an updated version of the software for their
         operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : php5
Version        : 5.6.40+dfsg-0+deb8u4
CVE ID         : CVE-2019-11039 CVE-2019-11040

Two vulnerabilities were found in PHP, a widely-used open source general
purpose scripting language.

CVE-2019-11039

    An integer underflow in the iconv module could be exploited to trigger
    an out of bounds read.

CVE-2019-11040

    A heap buffer overflow was discovered in the EXIF parsing code.

For Debian 8 "Jessie", these problems have been fixed in version
5.6.40+dfsg-0+deb8u4.

We recommend that you upgrade your php5 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures.
AusCERT takes no responsibility for consequences which may arise from
following or acting on information or advice contained in this security
bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
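
A fleet-side check for the fixed version named in the included Debian advisory, as an added example that is not part of the AusCERT or Debian text: it reimplements Debian's package version ordering in Python so that an exported package inventory can be compared against 5.6.40+dfsg-0+deb8u4 on a machine without dpkg. The host names and inventory rows are constructed.

```python
import re
from itertools import zip_longest

FIXED = "5.6.40+dfsg-0+deb8u4"  # fixed php5 version for Debian 8, from the advisory

def _weight(ch):
    """dpkg character order: '~' < end of string < letters < everything else."""
    if ch in ("", "~"):
        return -1 if ch else 0
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    """Compare upstream or revision strings as alternating text and digit runs."""
    runs = [re.findall(r"(\D*)(\d*)", s) for s in (a, b)]
    for (ta, na), (tb, nb) in zip_longest(*runs, fillvalue=("", "")):
        for ca, cb in zip_longest(ta, tb, fillvalue=""):
            wa, wb = _weight(ca), _weight(cb)
            if wa != wb:
                return -1 if wa < wb else 1
        ia, ib = int(na or 0), int(nb or 0)  # digit runs compare numerically
        if ia != ib:
            return -1 if ia < ib else 1
    return 0

def _split(version):
    """Split [epoch:]upstream[-revision]; missing epoch is 0, missing revision ''."""
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, revision = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), upstream, revision

def deb_cmp(a, b):
    """Return -1, 0 or 1 as Debian version a is older than, equal to or newer than b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def unpatched(inventory):
    """Return the (host, package, version) rows whose version predates FIXED."""
    return [row for row in inventory if deb_cmp(row[2], FIXED) < 0]

# Constructed inventory (hypothetical hosts), as gathered per host with dpkg-query
SAMPLE = [
    ("web01", "php5-common", "5.6.40+dfsg-0+deb8u3"),
    ("web02", "php5-common", "5.6.40+dfsg-0+deb8u4"),
    ("web03", "php5-cli", "5.6.33+dfsg-0+deb8u1"),
    ("web04", "php5-common", "5.6.40+dfsg-0+deb8u12"),  # newer, though lower as plain text
]
```

On a Debian host itself, `dpkg --compare-versions` gives the same ordering directly.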