DebianDEBIAN:DSA-4240-1:6F850[SECURITY] [DSA 4240-1] php7.0 security update
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 High
AI Score
Confidence
Low
0.921 High
EPSS
Percentile
98.9%
Debian Security Advisory DSA-4240-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
July 05, 2018 https://www.debian.org/security/faq
Package : php7.0
CVE ID : CVE-2018-7584 CVE-2018-10545 CVE-2018-10546
CVE-2018-10547 CVE-2018-10548 CVE-2018-10549
Several vulnerabilities were found in PHP, a widely-used open source
general purpose scripting language:
CVE-2018-7584
Buffer underread in parsing HTTP responses
CVE-2018-10545
Dumpable FPM child processes allowed the bypass of opcache access
controls
CVE-2018-10546
Denial of service via infinite loop in convert.iconv stream filter
CVE-2018-10547
The fix for CVE-2018-5712 (shipped in DSA 4080) was incomplete
CVE-2018-10548
Denial of service via malformed LDAP server responses
CVE-2018-10549
Out-of-bounds read when parsing malformed JPEG files
For the stable distribution (stretch), these problems have been fixed in
version 7.0.30-0+deb9u1.
We recommend that you upgrade your php7.0 packages.
For the detailed security status of php7.0 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/php7.0
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: [email protected]
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 9 | armhf | php7.0-ldap | < 7.0.30-0+deb9u1 | php7.0-ldap_7.0.30-0+deb9u1_armhf.deb |
| Debian | 9 | mips | php7.0-sqlite3-dbgsym | < 7.0.30-0+deb9u1 | php7.0-sqlite3-dbgsym_7.0.30-0+deb9u1_mips.deb |
| Debian | 9 | i386 | php7.0-pspell | < 7.0.30-0+deb9u1 | php7.0-pspell_7.0.30-0+deb9u1_i386.deb |
| Debian | 8 | armel | php5-tidy | < 5.6.36+dfsg-0+deb8u1 | php5-tidy_5.6.36+dfsg-0+deb8u1_armel.deb |
| Debian | 9 | mipsel | php7.0-interbase | < 7.0.30-0+deb9u1 | php7.0-interbase_7.0.30-0+deb9u1_mipsel.deb |
| Debian | 9 | armhf | php7.0-common-dbgsym | < 7.0.30-0+deb9u1 | php7.0-common-dbgsym_7.0.30-0+deb9u1_armhf.deb |
| Debian | 9 | armel | php7.0-ldap | < 7.0.30-0+deb9u1 | php7.0-ldap_7.0.30-0+deb9u1_armel.deb |
| Debian | 9 | armhf | php7.0-phpdbg | < 7.0.30-0+deb9u1 | php7.0-phpdbg_7.0.30-0+deb9u1_armhf.deb |
| Debian | 9 | armhf | php7.0-fpm | < 7.0.30-0+deb9u1 | php7.0-fpm_7.0.30-0+deb9u1_armhf.deb |
| Debian | 9 | mips | php7.0-soap | < 7.0.30-0+deb9u1 | php7.0-soap_7.0.30-0+deb9u1_mips.deb |
Related
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 High
AI Score
Confidence
Low
0.921 High
EPSS
Percentile
98.9%