Hallo Steffen, Marvin kannst Du auch sofort machen. Ist ein Neustart notwendig?
Gruß Hans Am 31.01.2012 um 08:22 schrieb Thijs Kinkhorst: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > - ------------------------------------------------------------------------- > Debian Security Advisory DSA-2399-1 secur...@debian.org > http://www.debian.org/security/ Thijs Kinkhorst > January 31, 2012 http://www.debian.org/security/faq > - ------------------------------------------------------------------------- > > Package : php5 > Vulnerability : several > Problem type : remote > Debian-specific: no > CVE ID : CVE-2011-1938 CVE-2011-2483 CVE-2011-4566 CVE-2011-4885 > CVE-2012-0057 > > Several vulnerabilities have been discovered in PHP, the web scripting > language. The Common Vulnerabilities and Exposures project identifies > the following issues: > > CVE-2011-1938 > > The UNIX socket handling allowed attackers to trigger a buffer overflow > via a long path name. > > CVE-2011-2483 > > The crypt_blowfish function did not properly handle 8-bit characters, > which made it easier for attackers to determine a cleartext password > by using knowledge of a password hash. > > CVE-2011-4566 > > When used on 32 bit platforms, the exif extension could be used to > trigger an integer overflow in the exif_process_IFD_TAG function > when processing a JPEG file. > > CVE-2011-4885 > > It was possible to trigger hash collisions predictably when parsing > form parameters, which allows remote attackers to cause a denial of > service by sending many crafted parameters. > > CVE-2012-0057 > > When applying a crafted XSLT transform, an attacker could write files > to arbitrary places in the filesystem. > > NOTE: the fix for CVE-2011-2483 required changing the behaviour of this > function: it is now incompatible with some old (wrongly) generated hashes > for passwords containing 8-bit characters. See the package NEWS entry > for details. This change has not been applied to the Lenny version of PHP. > > > For the oldstable distribution (lenny), these problems have been fixed > in version 5.2.6.dfsg.1-1+lenny14. > > For the stable distribution (squeeze), these problems have been fixed > in version 5.3.3-7+squeeze5. > > For the testing distribution (wheezy) and unstable distribution (sid), > these problems have been fixed in version 5.3.9-1. > > We recommend that you upgrade your php5 packages. > > Further information about Debian Security Advisories, how to apply > these updates to your system and frequently asked questions can be > found at: http://www.debian.org/security/ > > Mailing list: debian-security-annou...@lists.debian.org > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.11 (GNU/Linux) > > iQEcBAEBAgAGBQJPJ5aaAAoJEOxfUAG2iX57USAIALlPmi/Hz3sAowgWqBfqGoYs > ZajpYg/2yYQ5VEDAiRY20NDFct/9Qmdd3WlwkoHDMl51YrrtG6qf3WjosKNrnWch > EkJJmdLBGFkTwDzFMLsyvizAJge+2XiEaNiFhsZxAZrDFk+KU2XJRdEBeHaSQnhn > PdahnC8oUREb+n5FJv3h4jOL6cyPqu32Whk8SuaFPBjTd2VDUUHnk/x/Kqe1lFZq > RgGsyjESnMo1320eDFTZVVxPR6HAGacYYTYQhddMs8twGqCiL/orm5dqy/rCBPlq > ehyRICzGnGMDFtnydZC7X2wE0OHX5/gTABJrPfTI6DjsY2ncz/R7ohZAqQKHTSg= > =vhFB > -----END PGP SIGNATURE----- > > > -- > To UNSUBSCRIBE, email to debian-security-announce-requ...@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org > Archive: http://lists.debian.org/20120131072258.b54b559...@kinkhorst.com > Internette Grüße Hans Heidemann Internet Projekt Management -- Poststraße 5 32139 Spenge www.interweber.de i...@interweber.de Tel.: +49 5225 873 770 0 Fax: +49 5225 873 770 2 Mobil: +49 175 566 227 4 N 52°08.543, E 008°29.070 USt-IdNr.: DE197550147 --------------------------------------------------------------------------------------------------- Diese E-Mail ist vertraulich. Sie ist ausschließlich fuer den/die Empfänger dieser E-Mail bestimmt. Hans-Georg Heidemann übernimmt keine Verantwortung für Inhalte, Fehler oder ausgelassene Inhalteinnerhalb dieser E-Mail, die Verwendung oder den Missbrauch jeglicher Art oder alles, was mit dieser Nachricht beziehungsweise beigefügten Anhängen getan oder unterlassen wird. -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/53c9803c-3416-42d6-be93-d611eff7c...@interweber.de
