Tag: security

Categories
Redis

Redis 3.2.8

Redis 3.2.7 has been released on January 31st 2017 to fix important security and correctness issues.

It is especially important to upgrade for Redis Cluster users and for users running Redis in their laptop since a cross-scripting attack is fixed in this release…

Then Redis 3.2.8 has been released on February 12th 2017 to fix potential deadlocks with Redis 3.2.7 and a crash after a socket error.

In both cases, the upgrade urgency is high.

The Redis 3.2.8 packages are now available :

  • for Debian 8 “Jessie” and Debian 7 “Wheezy”
  • on both amd64 and i386 architectures.
Categories
PHP

PHP 7.0.15 for Jessie

On January 19th 2017, the PHP group published PHP 7.0.15.

This is a security release. Several security bugs were fixed in this release. All PHP 7.0 users are encouraged to upgrade to this version.

Packages of PHP 7.0.15 are now available for Debian 8 “Jessie” on amd64 and i386 architectures, along with the following PECL extensions : APCu, APCu_bc, geoip, igbinary, imagick, memcached, mongodb, msgpack, redis, ssh2 and xdebug.

I’ll detail the plan for PHP 7.1 in a future post.

Categories
PHP

PHP 5.6.30 for Wheezy

On January 19th 2017, the PHP group released PHP 5.6.30.

This is a security release. Several security bugs were fixed in this release. All PHP 5.6 users are encouraged to upgrade to this version.

According to our release calendar, this PHP 5.6 version is the last planned release that contains regular bugfixes. All the consequent releases will contain only security-relevant fixes, for the term of two years. PHP 5.6 users that need further bugfixes are encouraged to upgrade to PHP 7.

PHP 5.6.30 packages are now available for Debian 7 “Wheezy”, on both amd64 and i386 architectures, in ZTS and non-ZTS (default) flavors, along with the usual PECL extensions.

Categories
PHP

PHP 7.0.14 for Jessie

On December 8th 2016, the PHP group published PHP 7.0.14.

This is a security release. Several security bugs were fixed in this release. All PHP 7.0 users are encouraged to upgrade to this version.

Packages of PHP 7.0.14 are now available for Debian 8 “Jessie” on amd64 and i386 architectures, along with the following PECL extensions : APCu, APCu_bc, geoip, igbinary, imagick, memcached, mongodb, msgpack, redis, ssh2 and xdebug (Careful, PHP 7 support from some of them is still very young!).

I’ll detail the plan for PHP 7.1 in a future post.

Categories
PHP

PHP 5.6.29 for Wheezy

On December 8th 2016, the PHP group released PHP 5.6.29.

This is a security release. Several security bugs were fixed in this release. All PHP 5.6 users are encouraged to upgrade to this version.

PHP 5.6.29 packages are now available for Debian 7 “Wheezy”, on both amd64 and i386 architectures, in ZTS and non-ZTS (default) flavors, along with the usual PECL extensions.

Categories
PHP

PHP 5.6.28 for Wheezy

On November 10th 2016, the PHP group released PHP 5.6.28.

This is a security release. Several security bugs were fixed in this release. All PHP 5.6 users are encouraged to upgrade to this version.

PHP 5.6.28 packages are now available for Debian 7 “Wheezy”, on both amd64 and i386 architectures, in ZTS and non-ZTS (default) flavors, along with the usual PECL extensions.

Categories
PHP

PHP 7.0.13 for Jessie

On November 10th 2016, the PHP group published PHP 7.0.13.

This is a security release. Several security bugs were fixed in this release. All PHP 7.0 users are encouraged to upgrade to this version.

Packages of PHP 7.0.13 are now available for Debian 8 “Jessie” on amd64 and i386 architectures, along with the following PECL extensions : APCu, APCu_bc, geoip, igbinary, imagick, memcached, mongodb, msgpack, redis, ssh2 and xdebug (Careful, PHP 7 support from some of them is still very young!).

Categories
Nginx

Update : Nginx 1.10.2

Packages of Nginx 1.10.2 for Jessie and Wheezy – amd64 and i386 – have been updated to fix CVE 2016-1247.

Secure log file handling (owner & permissions) against privilege escalation attacks. /var/log/nginx is now owned by root:adm. Thanks Dawid Golunski for the report. Changing /var/log/nginx permissions effectively reopens #701112, since log files can be world-readable. This is a trade-off until a better log opening solution is implemented upstream (trac:376).

This update can also bring full HTTP2 support to Jessie with a new additional repository. As a reminder, Chrome as a browser was not supported on stock Jessie, because it requires a more recent OpenSSL 1.0.2 for its ALPN protocol. Now that jessie-backports includes such an OpenSSL version, Dotdeb provides Nginx packages with full HTTP2 support for Chrome. Here is how to install them :

  1. Activate the jessie-backports repository because you will now rely on its OpenSSL 1.0.2+ backport
  2. Add the following additional repo to your sources.list : 
    deb http://packages.dotdeb.org jessie-nginx-http2 all
  3. Upgrade your Nginx packages as usual

Please note that this change will not be available on Wheezy.

Categories
PHP

PHP 7.0.12 for Jessie

On October 13th 2016, the PHP group published PHP 7.0.12.

This is a security release. Several security bugs were fixed in this release. All PHP 7.0 users are encouraged to upgrade to this version.

Packages of PHP 7.0.12 are now available for Debian 8 “Jessie” on amd64 and i386 architectures, along with the following PECL extensions : APCu, APCu_bc, geoip, igbinary, imagick, memcached, mongodb, msgpack, redis, ssh2 and xdebug (Careful, PHP 7 support from some of them is still very young!).

Categories
PHP

PHP 5.6.27 for Wheezy

On October 14th 2016, the PHP group released PHP 5.6.27.

This is a security release. Several security bugs were fixed in this release. All PHP 5.6 users are encouraged to upgrade to this version.

PHP 5.6.27 packages are now available for Debian 7 “Wheezy”, on both amd64 and i386 architectures, in ZTS and non-ZTS (default) flavors, along with the usual PECL extensions.