Experts warn of a remote code execution vulnerability in PHP, tracked as CVE-2019-11043, has been exploited in attacks.
More information you can find here.
At this moment there are fixed versions of PHP 5 and PHP 7 into Debian repositories. Strongly recommend you to update your PHP as soon as possible.
Tuesday, October 29, 2019