-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.0022
                           php5 security update
                              2 January 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           php5
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
Impact/Access:     Denial of Service     -- Existing Account
                   Read-only Data Access -- Existing Account
                   Reduced Security      -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-11050 CVE-2019-11047 CVE-2019-11046
                   CVE-2019-11045  

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2019/12/msg00034.html

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Debian. It is recommended that administrators 
         running php5 check for an updated version of the software for their
         operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : php5
Version        : 5.6.40+dfsg-0+deb8u8
CVE ID         : CVE-2019-11045 CVE-2019-11046 CVE-2019-11047
                  CVE-2019-11050


Several security bugs have been identified and fixed in php5, a
server-side, HTML-embedded scripting language.
The affected components include the exif module and the handling of
filenames containing embedded \0 (NUL) bytes.


For Debian 8 "Jessie", these problems have been fixed in version
5.6.40+dfsg-0+deb8u8.

We recommend that you upgrade your php5 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----