===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.3982
                          php7.3 security update
                              29 October 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           php7.3
Publisher:         Debian
Operating System:  Debian GNU/Linux 10
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-11043

Reference:         ESB-2019.3963

Original Bulletin:
   http://www.debian.org/security/2019/dsa-4553

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-4553-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
October 28, 2019                      https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : php7.3
CVE ID         : CVE-2019-11043

Emil Lerner and Andrew Danau discovered that insufficient validation
in the path handling code of PHP FPM could result in the execution of
arbitrary code in some setups.

For the stable distribution (buster), this problem has been fixed in
version 7.3.11-1~deb10u1.

We recommend that you upgrade your php7.3 packages.

For the detailed security status of php7.3 please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/php7.3

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================