===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.2938
                          php7.0 security update
                              27 August 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           php7.0
Publisher:         Debian
Operating System:  Debian GNU/Linux 9
                   Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Denial of Service -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-7068

Original Bulletin:
   https://www.debian.org/lts/security/2020/dla-2345

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Debian. It is recommended that administrators
         running php7.0 check for an updated version of the software for
         their operating system.

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian LTS Advisory DLA-2345-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                           Chris Lamb
August 26, 2020                               https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : php7.0
Version        : 7.0.33-0+deb9u9
CVE ID         : CVE-2020-7068

It was discovered that there was a use-after-free vulnerability when
parsing PHAR files, a method of putting entire PHP applications into a
single file.

For Debian 9 "Stretch", this problem has been fixed in version
7.0.33-0+deb9u9.

We recommend that you upgrade your php7.0 packages.

For the detailed security status of php7.0 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/php7.0

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.
The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
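A fleet check for the fix named in the advisory above, as an added example that is not part of the AusCERT bulletin or the Debian advisory: it re-implements dpkg's version ordering in Python so collected package versions can be compared against 7.0.33-0+deb9u9 away from the host. The inventory rows, the hostnames and every version other than the fixed one are constructed, and the function names are this example's own.

```python
import re
from itertools import zip_longest

FIXED = "7.0.33-0+deb9u9"  # fixed php7.0 version stated in DLA-2345-1

def _order(ch):
    """dpkg sort weight of a non-digit character; '' means the run has ended."""
    if ch == "":
        return 0
    if ch == "~":
        return -1  # tilde sorts before everything, even end of string
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    """Compare two upstream-version or revision strings the way dpkg does."""
    runs_a, runs_b = (re.findall(r"(\D*)(\d*)", s) for s in (a, b))
    for (ta, na), (tb, nb) in zip_longest(runs_a, runs_b, fillvalue=("", "")):
        for ca, cb in zip_longest(ta, tb, fillvalue=""):
            if _order(ca) != _order(cb):
                return -1 if _order(ca) < _order(cb) else 1
        if int(na or 0) != int(nb or 0):  # digit runs compare numerically
            return -1 if int(na or 0) < int(nb or 0) else 1
    return 0

def deb_cmp(v1, v2):
    """Return -1, 0 or 1 for Debian versions written [epoch:]upstream[-revision]."""
    keys = []
    for v in (v1, v2):
        epoch, sep, rest = v.partition(":")
        if not sep:
            epoch, rest = "0", v
        upstream, sep, rev = rest.rpartition("-")
        keys.append((int(epoch), upstream if sep else rest, rev if sep else ""))
    (e1, u1, r1), (e2, u2, r2) = keys
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_part(u1, u2) or _cmp_part(r1, r2)

# Constructed inventory, one "<host> <package> <version>" row per package.
SAMPLE = """\
web01 php7.0-common 7.0.33-0+deb9u8
web02 php7.0-common 7.0.33-0+deb9u9
web03 php7.0-cli 7.0.33-0+deb9u10
web04 php7.0-common 7.0.33-0+deb9u9~bpo1
web05 libssl1.1 1.1.0l-1~deb9u1
"""

def needs_upgrade(inventory, fixed=FIXED):
    """Return (host, package, version) rows for php7.0 packages older than the fix."""
    rows = (line.split() for line in inventory.splitlines() if line.strip())
    return [(h, p, v) for h, p, v in rows if "php7.0" in p and deb_cmp(v, fixed) < 0]
```

A plain string comparison would rank `deb9u10` below `deb9u9` and miss the tilde rule, which is why the dpkg ordering is implemented rather than approximated.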