ELA-32-1 php5 security update

several vulnerabilities

2018-08-31
Packagephp5
Version5.4.45-0+deb7u15
Related CVEs CVE-2018-14851 CVE-2018-14883

Two vulnerabilities have been discovered in php5, a server-side, HTML-embedded scripting language. One (CVE-2018-14851) results in a potential denial of service (out-of-bounds read and application crash) via a crafted JPEG file. The other (CVE-2018-14883) is an Integer Overflow that leads to a heap-based buffer over-read.

For Debian 7 Wheezy, these problems have been fixed in version 5.4.45-0+deb7u15.

We recommend that you upgrade your php5 packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/