Debian DLA-1066-1 : php5 security update
Medium Nessus Plugin ID 102786
Synopsis
The remote Debian host is missing a security update.
Description
A stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications that accept untrusted input (instead of the system's php.ini file) for the parse_ini_string or parse_ini_file function, e.g., a web application for syntax validation of php.ini directives.
For Debian 7 'Wheezy', these problems have been fixed in version 5.4.45-0+deb7u10.
We recommend that you upgrade your php5 packages.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
Upgrade the affected packages.