Package | php5 |
---|---|
Version | 5.4.45-0+deb7u29 |
Related CVEs | CVE-2019-18218 CVE-2020-7064 CVE-2020-7066 CVE-2020-7067 |
Four issues have been found in php5, a server-side, HTML-embedded scripting language.
CVE-2020-7064 A one-byte out-of-bounds read, which could potentially lead to information disclosure or a crash.
CVE-2020-7066 A URL containing a zero (\0) character is truncated at that character, which may cause some software to make incorrect assumptions and possibly send some information to the wrong server.
CVE-2020-7067 A malformed URL-encoded string can cause an out-of-bounds read.
CVE-2019-18218 The number of CDF_VECTOR elements is now restricted to prevent a heap-based buffer overflow (4-byte out-of-bounds write). (Originally this CVE was filed against the package “file”, but php5 contains an embedded version of that package.)
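
For CVE-2020-7066, an application-level check can reject such URLs before they reach any URL-consuming function, so that the validated string and the string actually used cannot differ. The following is an added example, not code from the advisory or from PHP itself; the helper names `checked_url` and `as_seen_after_truncation`, the allow-list and the sample URLs are assumptions constructed for illustration, and the code is written to run on PHP 5.4.

```php
<?php
// Added example (not part of the advisory). Helper names are hypothetical;
// the allow-list and sample URLs are constructed.

/**
 * Return the URL unchanged if it may be handed to a URL-consuming function,
 * or false if it must be rejected.
 */
function checked_url($url, array $allowedHosts)
{
    // 1. Reject NUL, other control bytes and spaces outright. A consumer that
    //    truncates at "\0" would otherwise act on a different URL than the
    //    one validated here.
    if (!is_string($url) || preg_match('/[\x00-\x20\x7f]/', $url)) {
        return false;
    }
    // 2. Parse once and compare the parsed host exactly (no suffix matching).
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    if (!in_array(strtolower($parts['scheme']), array('http', 'https'), true)) {
        return false;
    }
    if (!in_array(strtolower($parts['host']), $allowedHosts, true)) {
        return false;
    }
    return $url;
}

/** What a consumer that stops at the first NUL byte would actually use. */
function as_seen_after_truncation($url)
{
    $pos = strpos($url, "\0");
    return $pos === false ? $url : substr($url, 0, $pos);
}

$allowed = array('api.example.com');
$samples = array(
    'https://api.example.com/v1/status',             // constructed: allow-listed host
    "https://other.example.net\0.api.example.com/",  // constructed: NUL byte inside the host
    'https://other.example.net/',                    // constructed: host not on the allow-list
);
foreach ($samples as $s) {
    printf("%-52s validated=%-3s truncated=%s\n",
        addcslashes($s, "\0"),
        checked_url($s, $allowed) === false ? 'no' : 'yes',
        as_seen_after_truncation($s));
}
```

The check complements the package upgrade rather than replacing it: it keeps the application's own host validation and the eventual request in agreement regardless of how the underlying function treats a NUL byte.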
For Debian 7 Wheezy, these problems have been fixed in version 5.4.45-0+deb7u29.
We recommend that you upgrade your php5 packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.