Metric | Value |
---|---|
CVSS2 | 7.5 High |
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
CVSS2 Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
AI Score | 7.3 High (Confidence: Low) |
EPSS | 0.95 High (Percentile: 99.3%) |
Debian Security Advisory DSA-2816-1 [email protected]
http://www.debian.org/security/ Thijs Kinkhorst
December 12, 2013 http://www.debian.org/security/faq
Package : php5
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-6420 CVE-2013-6712
Debian Bug : 731112 731895
Several vulnerabilities were found in PHP, a general-purpose scripting
language commonly used for web application development. The Common
Vulnerabilities and Exposures project identifies the following issues:
CVE-2013-6420
    Stefan Esser reported possible memory corruption in
    openssl_x509_parse().
CVE-2013-6712
    Creating DateInterval objects from parsed ISO dates was
    not properly restricted, which made it possible to cause a
    denial of service.
In addition, the update for Debian 7 "Wheezy" contains several bugfixes
originally targeted for the upcoming Wheezy point release.
For the oldstable distribution (squeeze), these problems have been fixed in
version 5.3.3-7+squeeze18.
For the stable distribution (wheezy), these problems have been fixed in
version 5.4.4-14+deb7u7.
For the unstable distribution (sid), these problems have been fixed in
version 5.5.6+dfsg-2.
We recommend that you upgrade your php5 packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: [email protected]
OS | OS Version | Architecture | Package | Affected Package Version | Filename |
---|---|---|---|---|---|
Debian | 7 | ia64 | php5-odbc | < 5.4.4-14+deb7u7 | php5-odbc_5.4.4-14+deb7u7_ia64.deb |
Debian | 6 | i386 | libapache2-mod-php5filter | < 5.3.3-7+squeeze18 | libapache2-mod-php5filter_5.3.3-7+squeeze18_i386.deb |
Debian | 6 | ia64 | php5-gmp | < 5.3.3-7+squeeze18 | php5-gmp_5.3.3-7+squeeze18_ia64.deb |
Debian | 6 | amd64 | php5-pgsql | < 5.3.3-7+squeeze18 | php5-pgsql_5.3.3-7+squeeze18_amd64.deb |
Debian | 6 | mipsel | libapache2-mod-php5filter | < 5.3.3-7+squeeze18 | libapache2-mod-php5filter_5.3.3-7+squeeze18_mipsel.deb |
Debian | 6 | mips | php5-gmp | < 5.3.3-7+squeeze18 | php5-gmp_5.3.3-7+squeeze18_mips.deb |
Debian | 6 | ia64 | php5-cgi | < 5.3.3-7+squeeze18 | php5-cgi_5.3.3-7+squeeze18_ia64.deb |
Debian | 6 | s390 | php5-sqlite | < 5.3.3-7+squeeze18 | php5-sqlite_5.3.3-7+squeeze18_s390.deb |
Debian | 7 | amd64 | php5-gd | < 5.4.4-14+deb7u7 | php5-gd_5.4.4-14+deb7u7_amd64.deb |
Debian | 7 | kfreebsd-i386 | php5-sybase | < 5.4.4-14+deb7u7 | php5-sybase_5.4.4-14+deb7u7_kfreebsd-i386.deb |