===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2016.1820
php5 security update
27 July 2016

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           php5
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
                   Provide Misleading Information  -- Remote/Unauthenticated
                   Access Confidential Data        -- Remote with User Interaction
                   Reduced Security                -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-6297 CVE-2016-6296 CVE-2016-6295
                   CVE-2016-6294 CVE-2016-6292 CVE-2016-6291
                   CVE-2016-6290 CVE-2016-6289 CVE-2016-5399
                   CVE-2016-5385
Reference:         ESB-2016.1782
                   ESB-2016.1764

Original Bulletin:
   http://www.debian.org/security/2016/dsa-3631

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-3631-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
July 26, 2016                         https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : php5
CVE ID         : CVE-2016-5385 CVE-2016-5399 CVE-2016-6289 CVE-2016-6290
                 CVE-2016-6291 CVE-2016-6292 CVE-2016-6294 CVE-2016-6295
                 CVE-2016-6296 CVE-2016-6297

Several vulnerabilities were found in PHP, a general-purpose scripting
language commonly used for web application development.

The vulnerabilities are addressed by upgrading PHP to the new upstream
version 5.6.24, which includes additional bug fixes. Please refer to the
upstream changelog for more information:

https://php.net/ChangeLog-5.php#5.6.24

For the stable distribution (jessie), these problems have been fixed in
version 5.6.24+dfsg-0+deb8u1.

For the unstable distribution (sid), these problems have been fixed in
version 7.0.9-1 of the php7.0 source package.

We recommend that you upgrade your php5 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================