Debian Security Advisory 2639-1

Debian Security Advisory 2639-1: Posted Mar 6, 2013; Authored by Debian | Site debian.org; Debian Linux Security Advisory 2639-1 - Several vulnerabilities have been discovered in PHP, the web scripting language.; tags | advisory, web, php, vulnerability; systems | linux, debian; advisories | CVE-2013-1635, CVE-2013-1643; SHA-256 | 44e04eb86ca8316cfdb9a7e5bc5e0f9dbeeeb5318bc9c3ba26ffbcb190be3442; Download | Favorite | View

Debian Security Advisory 2639-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2639-1                   security@debian.org
https://www.debian.org/security/                           Thijs Kinkhorst
March 05, 2013                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : php5
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-1635 CVE-2013-1643
Debian Bug     : 702221

Several vulnerabilities have been discovered in PHP, the web scripting
language. The Common Vulnerabilities and Exposures project identifies
the following issues:

CVE-2013-1635

    If a PHP application accepted untrusted SOAP object input remotely
    from clients, an attacker could read system files readable for the
    webserver.

CVE-2013-1643

    The soap.wsdl_cache_dir function did not take PHP open_basedir
    restrictions into account. Note that Debian advises against relying
    on open_basedir restrictions for security.

For the stable distribution (squeeze), these problems have been fixed in
version 5.3.3-7+squeeze15.

For the testing distribution (wheezy), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in
version 5.4.4-14.

We recommend that you upgrade your php5 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJRNim2AAoJEFb2GnlAHawEhPIH/ifHNPRqASWJE6tkbHGmJ7ct
9ZU7pc4Jw5u7qy29a1w1KlrP5PYDIyKhigdUe+/X10TVejaifRBTLJBPNFUD6NNr
pDexRqBEftEYO7G0HXptPcmQT+Rhi1FzZEkVrRHU21giPgwckeJM/PRhOE7tt58J
lFqFYN9IBLUIhyetj6ZxuwU/0qeDOxbH64BKi5lXWfPvNT2a98WIFzRJex8rNs1U
KX4ZHBeV3S7ADFGQAgwv2DWWpmFfubhcOoabhrP6uSSV4FygV9W86buZUtZEzIGg
x7VtXIbkMbgNeJNHu/NTwLet6UVrb/piyKEKcAOgM9R9SP8hpHm+RdjkOVHRcKY=
=nUKg
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 294 files
Ubuntu 64 files
Debian 24 files
Apple 14 files
LiquidWorm 12 files
Gentoo 8 files
Google Security Research 4 files
Andrey Stoykov 3 files
Jann Horn 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,171)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,070)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,426)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,010)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

Debian Security Advisory 2639-1

Debian Security Advisory 2639-1

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 2639-1

Share This

Debian Security Advisory 2639-1

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems