Debian DSA-3074-1 : php5 - security update
Medium Nessus Plugin ID 79339
SynopsisThe remote Debian host is missing a security-related update.
DescriptionFrancisco Alonso of Red Hat Product Security found an issue in the file utility, whose code is embedded in PHP, a general-purpose scripting language. When checking ELF files, note headers are incorrectly checked, thus potentially allowing attackers to cause a denial of service (out-of-bounds read and application crash) by supplying a specially crafted ELF file.
As announced in DSA-3064-1 it has been decided to follow the stable 5.4.x releases for the Wheezy php5 packages. Consequently the vulnerability is addressed by upgrading PHP to a new upstream version 5.4.35, which includes additional bug fixes, new features and possibly incompatible changes. Please refer to the upstream changelog for more information :
SolutionUpgrade the php5 packages.
For the stable distribution (wheezy), this problem has been fixed in version 5.4.35-0+deb7u1.