Debian DSA-2961-1 : php5 - security update
Medium Nessus Plugin ID 76082
Synopsis
The remote Debian host is missing a security-related update.
Description
It was discovered that PHP, a general-purpose scripting language commonly used for web application development, is vulnerable to a heap-based buffer overflow in the DNS TXT record parsing. A malicious server or man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application uses dns_get_record() to perform a DNS query.
Solution
Upgrade the php5 packages.
For the stable distribution (wheezy), this problem has been fixed in version 5.4.4-14+deb7u11.