
Test ID: 1.3.6.1.4.1.25623.1.0.704353
Category: Debian Local Security Checks
Title: Debian Security Advisory DSA 4353-1 (php7.0 - security update)
Summary: Multiple security issues were found in PHP, a widely-used open source general purpose scripting language: The EXIF module was susceptible to denial of service/information disclosure when parsing malformed images, the Apache module allowed cross-site-scripting via the body of a 'Transfer-Encoding: chunked' request and the IMAP extension performed insufficient input validation which can result in the execution of arbitrary shell commands in the imap_open() function and denial of service in the imap_mail() function.
Description:
Summary:
Multiple security issues were found in PHP, a widely-used open source
general purpose scripting language: The EXIF module was susceptible to
denial of service/information disclosure when parsing malformed images,
the Apache module allowed cross-site-scripting via the body of a
'Transfer-Encoding: chunked' request and the IMAP extension performed
insufficient input validation which can result in the execution of
arbitrary shell commands in the imap_open() function and denial of
service in the imap_mail() function.

Affected Software/OS:
php7.0 on Debian Linux

Solution:
For the stable distribution (stretch), these problems have been fixed in
version 7.0.33-0+deb9u1.

We recommend that you upgrade your php7.0 packages.

CVSS Score:
8.5

CVSS Vector:
AV:N/AC:M/Au:S/C:C/I:C/A:C

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2018-14851
Common Vulnerability Exposure (CVE) ID: CVE-2018-14883
Common Vulnerability Exposure (CVE) ID: CVE-2018-17082
Common Vulnerability Exposure (CVE) ID: CVE-2018-19518
Common Vulnerability Exposure (CVE) ID: CVE-2018-19935
Copyright: Copyright (C) 2018 Greenbone Networks GmbH





© 1998-2024 E-Soft Inc. All rights reserved.