ELA-128-1 php5 security update

several vulnerabilities

2019-06-03
Package: php5
Version: 5.4.45-0+deb7u23
Related CVE: CVE-2019-11039, CVE-2019-11040

Two vulnerabilities were found in PHP, a widely-used open source general purpose scripting language.

CVE-2019-11039

An integer underflow in the iconv module could be exploited to trigger
an out-of-bounds read.

CVE-2019-11040

A heap buffer overflow was discovered in the EXIF parsing code.

For Debian 7 Wheezy, these problems have been fixed in version 5.4.45-0+deb7u23.

We recommend that you upgrade your php5 packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/