Debian DSA-2816-1 : php5 - several vulnerabilities
High Nessus Plugin ID 71402
The remote Debian host is missing a security-related update.
Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2013-6420 Stefan Esser reported possible memory corruption in openssl_x509_parse(). - CVE-2013-6712 Creating DateInterval objects from parsed ISO dates was not properly restricted, which allowed to cause a denial of service. In addition, the update for Debian 7 'Wheezy' contains several bugfixes originally targeted for the upcoming Wheezy point release.
Upgrade the php5 packages. For the oldstable distribution (squeeze), these problems have been fixed in version 5.3.3-7+squeeze18. For the stable distribution (wheezy), these problems have been fixed in version 5.4.4-14+deb7u7.