Debian Local Security Checks : Debian Security Advisory DSA 4080-1 (php7.0

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.704080

Categoría: Debian Local Security Checks

Título: Debian Security Advisory DSA 4080-1 (php7.0 - security update)

Resumen: Several vulnerabilities were found in PHP, a widely-used open source;general purpose scripting language:;;CVE-2017-11144;Denial of service in openssl extension due to incorrect return value;check of OpenSSL sealing function;;CVE-2017-11145;Out-of-bounds read in wddx_deserialize();;CVE-2017-11628;Buffer overflow in PHP INI parsing API;;CVE-2017-12932 /;CVE-2017-12934;Use-after-frees during unserialisation;;CVE-2017-12933;Buffer overread in finish_nested_data();;CVE-2017-16642;Out-of-bounds read in timelib_meridian()

Descripción: Summary:
Several vulnerabilities were found in PHP, a widely-used open source
general purpose scripting language:

CVE-2017-11144
Denial of service in openssl extension due to incorrect return value
check of OpenSSL sealing function

CVE-2017-11145
Out-of-bounds read in wddx_deserialize()

CVE-2017-11628
Buffer overflow in PHP INI parsing API

CVE-2017-12932 /
CVE-2017-12934
Use-after-frees during unserialisation

CVE-2017-12933
Buffer overread in finish_nested_data()

CVE-2017-16642
Out-of-bounds read in timelib_meridian()

Affected Software/OS:
php7.0 on Debian Linux

Solution:
For the stable distribution (stretch), these problems have been fixed in
version 7.0.27-0+deb9u1.

We recommend that you upgrade your php7.0 packages.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2017-11144
Common Vulnerability Exposure (CVE) ID: CVE-2017-11145
Common Vulnerability Exposure (CVE) ID: CVE-2017-11628
Common Vulnerability Exposure (CVE) ID: CVE-2017-12932
Common Vulnerability Exposure (CVE) ID: CVE-2017-12933
Common Vulnerability Exposure (CVE) ID: CVE-2017-12934
Common Vulnerability Exposure (CVE) ID: CVE-2017-16642

Copyright Copyright (C) 2018 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.704080
Categoría:	Debian Local Security Checks
Título:	Debian Security Advisory DSA 4080-1 (php7.0 - security update)
Resumen:	Several vulnerabilities were found in PHP, a widely-used open source;general purpose scripting language:;;CVE-2017-11144;Denial of service in openssl extension due to incorrect return value;check of OpenSSL sealing function;;CVE-2017-11145;Out-of-bounds read in wddx_deserialize();;CVE-2017-11628;Buffer overflow in PHP INI parsing API;;CVE-2017-12932 /;CVE-2017-12934;Use-after-frees during unserialisation;;CVE-2017-12933;Buffer overread in finish_nested_data();;CVE-2017-16642;Out-of-bounds read in timelib_meridian()
Descripción:	Summary: Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language: CVE-2017-11144 Denial of service in openssl extension due to incorrect return value check of OpenSSL sealing function CVE-2017-11145 Out-of-bounds read in wddx_deserialize() CVE-2017-11628 Buffer overflow in PHP INI parsing API CVE-2017-12932 / CVE-2017-12934 Use-after-frees during unserialisation CVE-2017-12933 Buffer overread in finish_nested_data() CVE-2017-16642 Out-of-bounds read in timelib_meridian() Affected Software/OS: php7.0 on Debian Linux Solution: For the stable distribution (stretch), these problems have been fixed in version 7.0.27-0+deb9u1. We recommend that you upgrade your php7.0 packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-11144 Common Vulnerability Exposure (CVE) ID: CVE-2017-11145 Common Vulnerability Exposure (CVE) ID: CVE-2017-11628 Common Vulnerability Exposure (CVE) ID: CVE-2017-12932 Common Vulnerability Exposure (CVE) ID: CVE-2017-12933 Common Vulnerability Exposure (CVE) ID: CVE-2017-12934 Common Vulnerability Exposure (CVE) ID: CVE-2017-16642
Copyright	Copyright (C) 2018 Greenbone Networks GmbH