It was discovered that PHP, a general-purpose scripting language commonly used for web application development, is vulnerable to a heap-based buffer overflow in the DNS TXT record parsing. A malicious server or man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application uses dns_get_record() to perform a DNS query. For the stable distribution (wheezy), this problem has been fixed in version 5.4.4-14+deb7u11. For the testing distribution (jessie), this problem has been fixed in version 5.6.0~beta4+dfsg-3. For the unstable distribution (sid), this problem has been fixed in version 5.6.0~beta4+dfsg-3. We recommend that you upgrade your php5 packages.
It was discovered that PHP, a general-purpose scripting language commonly used for web application development, is vulnerable to a heap-based buffer overflow in the DNS TXT record parsing. A malicious server or man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application uses dns_get_record() to perform a DNS query.
For the stable distribution (wheezy), this problem has been fixed in version 5.4.4-14+deb7u11.
For the testing distribution (jessie), this problem has been fixed in version 5.6.0~beta4+dfsg-3.
For the unstable distribution (sid), this problem has been fixed in version 5.6.0~beta4+dfsg-3.
We recommend that you upgrade your php5 packages.