Ops One AG

You can subscribe via email or RSS

Monday 24th September 2018

Managed Server Version 5: php5 update, scheduled 5 months ago

A vulnerability has been discovered in php5, a server-side, HTML-embedded scripting language. The Apache2 component allows XSS via the body of a "Transfer-Encoding: chunked" request because of a defect in request handling.

php5-cli/oldstable 5.6.38+dfsg-0+deb8u1 amd64 [upgradable from: 5.6.37+dfsg-0+deb8u1] php5-common/oldstable 5.6.38+dfsg-0+deb8u1 amd64 [upgradable from: 5.6.37+dfsg-0+deb8u1] php5-curl/oldstable 5.6.38+dfsg-0+deb8u1 amd64 [upgradable from: 5.6.37+dfsg-0+deb8u1] php5-fpm/oldstable 5.6.38+dfsg-0+deb8u1 amd64 [upgradable from: 5.6.37+dfsg-0+deb8u1] php5-gd/oldstable 5.6.38+dfsg-0+deb8u1 amd64 [upgradable from: 5.6.37+dfsg-0+deb8u1] php5-mcrypt/oldstable 5.6.38+dfsg-0+deb8u1 amd64 [upgradable from: 5.6.37+dfsg-0+deb8u1] php5-mysql/oldstable 5.6.38+dfsg-0+deb8u1 amd64 [upgradable from: 5.6.37+dfsg-0+deb8u1] php5-readline/oldstable 5.6.38+dfsg-0+deb8u1 amd64 [upgradable from: 5.6.37+dfsg-0+deb8u1]