HistoryNov 04, 2014 - 12:00 a.m.

Debian Security Advisory DSA 3064-1 (php5 - security update)

Several vulnerabilities were found in PHP, a general-purpose scripting
language commonly used for web application development. It has been
decided to follow the stable 5.4.x releases for the Wheezy PHP packages.
Consequently the vulnerabilities are addressed by upgrading PHP to a new
upstream version 5.4.34, which includes additional bug fixes, new
features and possibly incompatible changes. Please refer to the upstream
changelog for more information:

    script_cve_id("CVE-2014-3668", "CVE-2014-3669", "CVE-2014-3670");
    script_name("Debian Security Advisory DSA 3064-1 (php5 - security update)");
    script_xref(name: "URL", value: "");


    script_tag(name: "affected",  value: "php5 on Debian Linux");
        script_tag(name: "insight",   value: "This package is a metapackage that, when installed, guarantees that you
have at least one of the four server-side versions of the PHP5 interpreter
installed. Removing this package won't remove PHP5 from your system, however
it may remove other packages that depend on this one.");
    script_tag(name: "solution",  value: "For the stable distribution (wheezy), these problems have been fixed in
version 5.4.34-0+deb7u1.

We recommend that you upgrade your php5 packages.");
    script_tag(name: "summary",   value: "Several vulnerabilities were found in PHP, a general-purpose scripting
language commonly used for web application development. It has been
decided to follow the stable 5.4.x releases for the Wheezy PHP packages.
Consequently the vulnerabilities are addressed by upgrading PHP to a new
upstream version 5.4.34, which includes additional bug fixes, new
features and possibly incompatible changes. Please refer to the upstream
changelog for more information:");
