
Re: [SECURITY] [DSA 2403-2] php5 security update



Danny,

I believe this is a re-issue to cover lenny and sid/wheezy, as the original php5 advisory for this issue was lenny only.

Tomasz

On Mon, Feb 06, 2012 at 08:30:19PM +0100, Danny van der Meulen wrote:
> *sigh*
> 
> And here we go once again...
> 
> D
> 
> On 02/06/2012 08:21 PM, Thijs Kinkhorst wrote:
> >-----BEGIN PGP SIGNED MESSAGE-----
> >Hash: SHA1
> >
> >- -------------------------------------------------------------------------
> >Debian Security Advisory DSA-2403-2                   security@debian.org
> >http://www.debian.org/security/                           Thijs Kinkhorst
> >February 06, 2012                      http://www.debian.org/security/faq
> >- -------------------------------------------------------------------------
> >
> >Package        : php5
> >Vulnerability  : code injection
> >Problem type   : remote
> >Debian-specific: no
> >CVE ID         : CVE-2012-0830
> >
> >Stefan Esser discovered that the implementation of the max_input_vars
> >configuration variable in a recent PHP security update was flawed such
> >that it allows remote attackers to crash PHP or potentially execute
> >code.
> >
> >This update adds packages for the oldstable distribution, which were
> >missing from the original advisory. The problem has been fixed in
> >version 5.2.6.dfsg.1-1+lenny16, installed into the security archive
> >on 3 Feb 2012.
> >
> >For the stable distribution (squeeze), this problem has been fixed in
> >version 5.3.3-7+squeeze7.
> >
> >For the unstable distribution (sid), this problem has been fixed in
> >version 5.3.10-1.
> >
> >We recommend that you upgrade your php5 packages.
> >
> >Further information about Debian Security Advisories, how to apply
> >these updates to your system and frequently asked questions can be
> >found at: http://www.debian.org/security/
> >
> >Mailing list: debian-security-announce@lists.debian.org
> >-----BEGIN PGP SIGNATURE-----
> >Version: GnuPG v1.4.11 (GNU/Linux)
> >
> >-----END PGP SIGNATURE-----
> >
> >
> 
> 

-- 
Tomasz M. Ciolek	
*******************************************************************************
 tmc at vandradlabs dot com dot au 
*******************************************************************************
   GPG Key ID:		0x41C4C2F0
   GPG Key Fingerprint: 3883 B308 8256 2246 D3ED  A1FF 3A1D 0EAD 41C4 C2F0
   Key available on good key-servers
*******************************************************************************

