Debian Security Advisory
DSA-2723-1 php5 -- heap corruption
- Date Reported:
- 17 Jul 2013
- Affected Packages:
- php5
- Vulnerable:
- Yes
- Security database references:
- In the Debian bugtracking system: Bug 717139.
In Mitre's CVE dictionary: CVE-2013-4113. - More information:
-
It was discovered that PHP could perform an invalid free request when processing crafted XML documents, corrupting the heap and potentially leading to arbitrary code execution. Depending on the PHP application, this vulnerability could be exploited remotely.
For the oldstable distribution (squeeze), this problem has been fixed in version 5.3.3-7+squeeze16.
For the stable distribution (wheezy), this problem has been fixed in version 5.4.4-14+deb7u3.
For the unstable distribution (sid), this problem has been fixed in version 5.5.0+dfsg-15.
We recommend that you upgrade your php5 packages.