Debian 10225 Published by

The following Debian updates has been released:

[DLA 546-2] clamav version update
[DLA 550-1] drupal7 security update
[DSA 3618-1] php5 security update



[DLA 546-2] clamav version update

Package : clamav
Version : 0.99.2+dfsg-0+deb7u2

DLA 546-1 was incorrectly released before updated clamav packages were
available and there were subsequent issues with the acceptance of the package
(which have since been corrected). Updates are now available for all
supported LTS architectures.

We recommend that you upgrade your clamav packages.

Upstream published version 0.99.2. This update updates wheezy-lts to the
latest upstream release in line with the approach used for other Debian
releases.

The changes are not strictly required for operation, but users of the previous
version in Wheezy may not be able to make use of all current virus signatures
and might get warnings.

For Debian 7 "Wheezy", this has been addressed in version
0.99.2+dfsg-0+deb7u2.

Further information about Debian LTS security advisories, how to apply these
updates to your system and frequently asked questions can be found at:
https://wiki.debian.org/LTS

[DLA 550-1] drupal7 security update

Package : drupal7
Version : 7.14-2+deb7u14
CVE ID : CVE-2016-6211

It was discovered that there was a vulnerability existed in the user
module in drupal7, a content management framework.

If some specific contributed or custom code triggers a rebuild of the
user profile form, a registered user can be granted all user roles on
the site. This would typically result in the user gaining administrative
access.

For Debian 7 "Wheezy", this issue has been fixed in drupal7 version
7.14-2+deb7u14.

We recommend that you upgrade your drupal7 packages.

[DSA 3618-1] php5 security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3618-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
July 14, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : php5
CVE ID : CVE-2016-5768 CVE-2016-5769 CVE-2016-5770 CVE-2016-5771
CVE-2016-5772 CVE-2016-5773

Several vulnerabilities were found in PHP, a general-purpose scripting
language commonly used for web application development.

The vulnerabilities are addressed by upgrading PHP to the new upstream
version 5.6.23, which includes additional bug fixes. Please refer to the
upstream changelog for more information:

https://php.net/ChangeLog-5.php#5.6.23

For the stable distribution (jessie), these problems have been fixed in
version 5.6.23+dfsg-0+deb8u1.

For the unstable distribution (sid), these problems have been fixed in
version 7.0.8-1 of the php7.0 source package.

We recommend that you upgrade your php5 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/