Debian DSA-2001-1 : php5 - multiple vulnerabilities
Critical Nessus Plugin ID 44865
Synopsis
The remote Debian host is missing a security-related update.
Description
Several remote vulnerabilities have been discovered in PHP 5, a hypertext preprocessor. The Common Vulnerabilities and Exposures project identifies the following problems:
- CVE-2009-4142 The htmlspecialchars function does not properly handle invalid multi-byte sequences.
- CVE-2009-4143 Memory corruption via session interruption.
In the stable distribution (lenny), this update also includes bug fixes (bug #529278, #556459, #565387, #523073) that were to be included in a stable point release as version 5.2.6.dfsg.1-1+lenny5.
Solution
Upgrade the php5 packages.
For the stable distribution (lenny), these problems have been fixed in version 5.2.6.dfsg.1-1+lenny6.