===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.1873
                     [DLA 1803-1] php5 security update
                                27 May 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           php5
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
                   Access Confidential Data        -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-11036 CVE-2019-11035 CVE-2019-11034

Reference:         ESB-2019.1855
                   ESB-2019.1838
                   ESB-2019.1400.2

--------------------------BEGIN INCLUDED TEXT--------------------

Package        : php5
Version        : 5.6.40+dfsg-0+deb8u3
CVE ID         : CVE-2019-11034 CVE-2019-11035 CVE-2019-11036

A read past allocated buffer vulnerability and two heap-buffer overflow
vulnerabilities were discovered in the PHP5 programming language within the
Exif image module.

For Debian 8 "Jessie", these problems have been fixed in version
5.6.40+dfsg-0+deb8u3.

We recommend that you upgrade your php5 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.
The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================