Lucene search

DebianDEBIAN:DSA-4527-1:75FBD

HistorySep 19, 2019 - 8:47 p.m.

[SECURITY] [DSA 4527-1] php7.3 security update

2019-09-1920:47:45

lists.debian.org

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

8.8 High

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

83.0%

JSON

Debian Security Advisory DSA-4527-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
September 19, 2019 https://www.debian.org/security/faq

Package : php7.3
CVE ID : CVE-2019-11036 CVE-2019-11039 CVE-2019-11040 CVE-2019-11041
CVE-2019-11042

Multiple security issues were found in PHP, a widely-used open source
general purpose scripting language: Missing sanitising in the EXIF
extension and the iconv_mime_decode_headers() function could result in
information disclosure or denial of service.

For the stable distribution (buster), these problems have been fixed in
version 7.3.9-1~deb10u1.

We recommend that you upgrade your php7.3 packages.

For the detailed security status of php7.3 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/php7.3

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian9s390xphp7.0-xmlrpc-dbgsym< 7.0.33-0+deb9u5php7.0-xmlrpc-dbgsym_7.0.33-0+deb9u5_s390x.deb
Debian10mipselphp7.3-bz2-dbgsym< 7.3.9-1~deb10u1php7.3-bz2-dbgsym_7.3.9-1~deb10u1_mipsel.deb
Debian9armhfphp7.0-tidy-dbgsym< 7.0.33-0+deb9u5php7.0-tidy-dbgsym_7.0.33-0+deb9u5_armhf.deb
Debian9amd64php7.0-snmp-dbgsym< 7.0.33-0+deb9u5php7.0-snmp-dbgsym_7.0.33-0+deb9u5_amd64.deb
Debian10amd64php7.3-tidy-dbgsym< 7.3.9-1~deb10u1php7.3-tidy-dbgsym_7.3.9-1~deb10u1_amd64.deb
Debian10arm64php7.3-tidy< 7.3.9-1~deb10u1php7.3-tidy_7.3.9-1~deb10u1_arm64.deb
Debian9mipselphp7.0-bz2-dbgsym< 7.0.33-0+deb9u5php7.0-bz2-dbgsym_7.0.33-0+deb9u5_mipsel.deb
Debian10s390xphp7.3-sybase-dbgsym< 7.3.9-1~deb10u1php7.3-sybase-dbgsym_7.3.9-1~deb10u1_s390x.deb
Debian8armellibapache2-mod-php5< 5.6.40+dfsg-0+deb8u5libapache2-mod-php5_5.6.40+dfsg-0+deb8u5_armel.deb
Debian9mips64ellibapache2-mod-php7.0< 7.0.33-0+deb9u5libapache2-mod-php7.0_7.0.33-0+deb9u5_mips64el.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	s390x	php7.0-xmlrpc-dbgsym	< 7.0.33-0+deb9u5	php7.0-xmlrpc-dbgsym_7.0.33-0+deb9u5_s390x.deb
Debian	10	mipsel	php7.3-bz2-dbgsym	< 7.3.9-1~deb10u1	php7.3-bz2-dbgsym_7.3.9-1~deb10u1_mipsel.deb
Debian	9	armhf	php7.0-tidy-dbgsym	< 7.0.33-0+deb9u5	php7.0-tidy-dbgsym_7.0.33-0+deb9u5_armhf.deb
Debian	9	amd64	php7.0-snmp-dbgsym	< 7.0.33-0+deb9u5	php7.0-snmp-dbgsym_7.0.33-0+deb9u5_amd64.deb
Debian	10	amd64	php7.3-tidy-dbgsym	< 7.3.9-1~deb10u1	php7.3-tidy-dbgsym_7.3.9-1~deb10u1_amd64.deb
Debian	10	arm64	php7.3-tidy	< 7.3.9-1~deb10u1	php7.3-tidy_7.3.9-1~deb10u1_arm64.deb
Debian	9	mipsel	php7.0-bz2-dbgsym	< 7.0.33-0+deb9u5	php7.0-bz2-dbgsym_7.0.33-0+deb9u5_mipsel.deb
Debian	10	s390x	php7.3-sybase-dbgsym	< 7.3.9-1~deb10u1	php7.3-sybase-dbgsym_7.3.9-1~deb10u1_s390x.deb
Debian	8	armel	libapache2-mod-php5	< 5.6.40+dfsg-0+deb8u5	libapache2-mod-php5_5.6.40+dfsg-0+deb8u5_armel.deb
Debian	9	mips64el	libapache2-mod-php7.0	< 7.0.33-0+deb9u5	libapache2-mod-php7.0_7.0.33-0+deb9u5_mips64el.deb