Debian DSA-2001-1 : php5 - multiple vulnerabilities

Critical Nessus Plugin ID 44865

Synopsis

The remote Debian host is missing a security-related update.

Description

Several remote vulnerabilities have been discovered in PHP 5, an hypertext preprocessor. The Common Vulnerabilities and Exposures project identifies the following problems :

- CVE-2009-4142 The htmlspecialchars function does not properly handle invalid multi-byte sequences.

- CVE-2009-4143 Memory corruption via session interruption.

In the stable distribution (lenny), this update also includes bug fixes (bug #529278, #556459, #565387, #523073) that were to be included in a stable point release as version 5.2.6.dfsg.1-1+lenny5.

Solution

Upgrade the php5 packages.

For the stable distribution (lenny), these problems have been fixed in version 5.2.6.dfsg.1-1+lenny6.

See Also

https://security-tracker.debian.org/tracker/CVE-2009-4142

https://security-tracker.debian.org/tracker/CVE-2009-4143

https://www.debian.org/security/2010/dsa-2001

Plugin Details

Severity: Critical

ID: 44865

File Name: debian_DSA-2001.nasl

Version: 1.11

Type: local

Agent: unix

Published: 2010/02/24

Updated: 2019/08/02

Dependencies: 12634

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:php5, cpe:/o:debian:debian_linux:5.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2010/02/19

Reference Information

CVE: CVE-2009-4142, CVE-2009-4143

BID: 37390

DSA: 2001

CWE: 79