===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.2938
                          php7.0 security update
                              27 August 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           php7.0
Publisher:         Debian
Operating System:  Debian GNU/Linux 9
                   Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Denial of Service -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-7068  

Original Bulletin: 
   https://www.debian.org/lts/security/2020/dla-2345

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Debian. It is recommended that administrators 
         running php7.0 check for an updated version of the software for 
         their operating system.

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian LTS Advisory DLA-2345-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                           Chris Lamb
August 26, 2020                               https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : php7.0
Version        : 7.0.33-0+deb9u9
CVE ID         : CVE-2020-7068

It was discovered that there was a use-after-free vulnerability when
parsing PHAR files, a method of putting entire PHP applications into
a single file.

For Debian 9 "Stretch", this problem has been fixed in version
7.0.33-0+deb9u9.

We recommend that you upgrade your php7.0 packages.

For the detailed security status of php7.0 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/php7.0

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================