1. Server >
  2. Unix Server >
  3. USN-3045-1: PHP vulnerabilities


ArabicEnglishFrenchGermanGreekItalianJapaneseKoreanPersianPolishPortugueseRussianSpanishTurkishVietnamese

USN-3045-1: PHP vulnerabilities

RSS Kategorie Pfeil Unix Server vom | Quelle: ubuntu.com Direktlink öffnen

Ubuntu Security Notice USN-3045-1

2nd August, 2016

php5, php7.0 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in PHP.

Software description

  • php5 - HTML-embedded scripting language interpreter
  • php7.0 - HTML-embedded scripting language interpreter

Details

It was discovered that PHP incorrectly handled certain SplMinHeap::compare
operations. A remote attacker could use this issue to cause PHP to crash,
resulting in a denial of service, or possibly execute arbitrary code. This
issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-4116)

It was discovered that PHP incorrectly handled recursive method calls. A
remote attacker could use this issue to cause PHP to crash, resulting in a
denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu
14.04 LTS. (CVE-2015-8873)

It was discovered that PHP incorrectly validated certain Exception objects
when unserializing data. A remote attacker could use this issue to cause
PHP to crash, resulting in a denial of service, or possibly execute
arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04
LTS. (CVE-2015-8876)

It was discovered that PHP header() function performed insufficient
filtering for Internet Explorer. A remote attacker could possibly use this
issue to perform a XSS attack. This issue only affected Ubuntu 12.04 LTS
and Ubuntu 14.04 LTS. (CVE-2015-8935)

It was discovered that PHP incorrectly handled certain locale operations.
An attacker could use this issue to cause PHP to crash, resulting in a
denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu
14.04 LTS. (CVE-2016-5093)

It was discovered that the PHP php_html_entities() function incorrectly
handled certain string lengths. A remote attacker could use this issue to
cause PHP to crash, resulting in a denial of service, or possibly execute
arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04
LTS. (CVE-2016-5094, CVE-2016-5095)

It was discovered that the PHP fread() function incorrectly handled certain
lengths. An attacker could use this issue to cause PHP to crash, resulting
in a denial of service, or possibly execute arbitrary code. This issue only
affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5096)

It was discovered that the PHP FastCGI Process Manager (FPM) SAPI
incorrectly handled memory in the access logging feature. An attacker could
use this issue to cause PHP to crash, resulting in a denial of service, or
possibly expose sensitive information. This issue only affected Ubuntu
12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5114)

It was discovered that PHP would not protect applications from contents of
the HTTP_PROXY environment variable when based on the contents of the Proxy
header from HTTP requests. A remote attacker could possibly use this issue
in combination with scripts that honour the HTTP_PROXY variable to redirect
outgoing HTTP requests. (CVE-2016-5385)

Hans Jerry Illikainen discovered that the PHP bzread() function incorrectly
performed error handling. A remote attacker could use this issue to cause
PHP to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2016-5399)

It was discovered that certain PHP multibyte string functions incorrectly
handled memory. A remote attacker could use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 14.04 LTS. (CVE-2016-5768)

It was discovered that the PHP Mcrypt extension incorrectly handled memory.
A remote attacker could use this issue to cause PHP to crash, resulting in
a denial of service, or possibly execute arbitrary code. This issue only
affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5769)

It was discovered that the PHP garbage collector incorrectly handled
certain objects when unserializing malicious data. A remote attacker could
use this issue to cause PHP to crash, resulting in a denial of service, or
possibly execute arbitrary code. This issue was only addressed in Ubuntu
Ubuntu 14.04 LTS. (CVE-2016-5771, CVE-2016-5773)

It was discovered that PHP incorrectly handled memory when unserializing
malicious xml data. A remote attacker could use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.
(CVE-2016-5772)

It was discovered that the PHP php_url_parse_ex() function incorrectly
handled string termination. A remote attacker could use this issue to cause
PHP to crash, resulting in a denial of service, or possibly execute
arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04
LTS. (CVE-2016-6288)

It was discovered that PHP incorrectly handled path lengths when extracting
certain Zip archives. A remote attacker could use this issue to cause PHP
to crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2016-6289)

It was discovered that PHP incorrectly handled session deserialization. A
remote attacker could use this issue to cause PHP to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2016-6290)

It was discovered that PHP incorrectly handled exif headers when processing
certain JPEG images. A remote attacker could use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2016-6291, CVE-2016-6292)

It was discovered that PHP incorrectly handled certain locale operations. A
remote attacker could use this issue to cause PHP to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2016-6294)

It was discovered that the PHP garbage collector incorrectly handled
certain objects when unserializing SNMP data. A remote attacker could use
this issue to cause PHP to crash, resulting in a denial of service, or
possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS
and Ubuntu 16.04 LTS. (CVE-2016-6295)

It was discovered that the PHP xmlrpc_encode_request() function incorrectly
handled certain lengths. An attacker could use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2016-6296)

It was discovered that the PHP php_stream_zip_opener() function incorrectly
handled memory. An attacker could use this issue to cause PHP to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2016-6297)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 16.04 LTS:
php7.0-fpm 7.0.8-0ubuntu0.16.04.2
libapache2-mod-php7.0 7.0.8-0ubuntu0.16.04.2
php7.0-cli 7.0.8-0ubuntu0.16.04.2
php7.0-cgi 7.0.8-0ubuntu0.16.04.2
Ubuntu 14.04 LTS:
php5-cli 5.5.9+dfsg-1ubuntu4.19
php5-cgi 5.5.9+dfsg-1ubuntu4.19
libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.19
php5-fpm 5.5.9+dfsg-1ubuntu4.19
Ubuntu 12.04 LTS:
php5-cli 5.3.10-1ubuntu3.24
php5-cgi 5.3.10-1ubuntu3.24
libapache2-mod-php5 5.3.10-1ubuntu3.24
php5-fpm 5.3.10-1ubuntu3.24

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2015-4116, CVE-2015-8873, CVE-2015-8876, CVE-2015-8935, CVE-2016-5093, CVE-2016-5094, CVE-2016-5095, CVE-2016-5096, CVE-2016-5114, CVE-2016-5385, CVE-2016-5399, CVE-2016-5768, CVE-2016-5769, CVE-2016-5771, CVE-2016-5772, CVE-2016-5773, CVE-2016-6288, CVE-2016-6289, CVE-2016-6290, CVE-2016-6291, CVE-2016-6292, CVE-2016-6294, CVE-2016-6295, CVE-2016-6296, CVE-2016-6297

...

Webseite öffnen Komplette Webseite öffnen

Newsbewertung

Kommentiere zu USN-3045-1: PHP vulnerabilities






Ähnliche Beiträge

  • 1. IBM Security Access Manager For Web URL Parameter Information Disclosure vom 172.93 Punkte ic_school_black_18dp
    Es wurde eine problematische Schwachstelle in IBM Security Access Manager For Web - die betroffene Version ist unbekannt - ausgemacht. Hiervon betroffen ist eine unbekannte Funktion der Komponente URL Parameter Handler. Durch die Manipulation mit einer un
  • 2. HPR2696: HPR Community News for November 2018 vom 118.37 Punkte ic_school_black_18dp
    New hosts Welcome to our new host: desearcher. Last Month's Shows Id Day Date Title Host 2674 Thu 2018-11-01 Raspberry pi3 open media server JWP 2675 Fri 2018-11-02 YouTube Playlists Ahuka
  • 3. HPR2696: HPR Community News for November 2018 vom 118.37 Punkte ic_school_black_18dp
    New hosts Welcome to our new host: desearcher. Last Month's Shows Id Day Date Title Host 2674 Thu 2018-11-01 Raspberry pi3 open media server JWP 2675 Fri 2018-11-02 YouTube Playlists Ahuka
  • 4. HPR2806: HPR Community News for April 2019 vom 111.63 Punkte ic_school_black_18dp
    New hosts There were no new hosts this month. Last Month's Shows Id Day Date Title Host 2781 Mon 2019-04-01 HPR Community News for March 2019 HPR Volunteers 2782 Tue 2019-04-02 Never stop gaming klaatu 2783 Wed 2019-04-03 The Windows "Shutdown.exe" Command Explained Claudio Miranda 2784
  • 5. HPR2806: HPR Community News for April 2019 vom 111.63 Punkte ic_school_black_18dp
    New hosts There were no new hosts this month. Last Month's Shows Id Day Date Title Host 2781 Mon 2019-04-01 HPR Community News for March 2019 HPR Volunteers 2782 Tue 2019-04-02 Never stop gaming klaatu 2783 Wed 2019-04-03 The Windows "Shutdown.exe" Command Explained Claudio Miranda 2784
  • 6. HPR2891: HPR Community News for August 2019 vom 106.82 Punkte ic_school_black_18dp
    New hosts There were no new hosts this month. Last Month's Shows Id Day Date Title Host 2869 Thu 2019-08-01 building a bike, following in John Kulp's footsteps Brian in Ohio 2870 Fri 2019-08-02 Hierarchy of Evidence Ahuka 2871 Mon 2019-08-05
  • 7. HPR2826: HPR Community News for May 2019 vom 101.05 Punkte ic_school_black_18dp
    New hosts Welcome to our new hosts: Joel D, Zen_Floater2. Last Month's Shows Id Day Date Title Host 2803 Wed 2019-05-01 Update on my Raspi 3 B OpenMedia Vault and Next Cloud instances JWP 2804 Thu 2019-05-02 Awk Part 13: Fix-Width Field Processing b-yeezi 2
  • 8. HPR2846: HPR Community News for June 2019 vom 100.09 Punkte ic_school_black_18dp
    New hosts Welcome to our new host: Shannon Wright. Last Month's Shows Id Day Date Title Host 2826 Mon 2019-06-03 HPR Community News for May 2019 HPR Volunteers 2827 Tue 2019-06-04 Unscripted ramblings from my garage about my first CTF event Christopher M. Hobbs 2828 Wed 2019-06-05 Writi
  • 9. HPR2871: HPR Community News for July 2019 vom 94.31 Punkte ic_school_black_18dp
    New hosts Welcome to our new host: mightbemike. Last Month's Shows Id Day Date Title Host 2846 Mon 2019-07-01 HPR Community News for June 2019 HPR Volunteers 2847 Tue 2019-07-02 earbuds operat0r 2848 Wed 2019-07-03 Random numbers in Haskell tuturto 2849 Thu 2019-07-04 HPR NYE Show
  • 10. PHP bis 5.5.37 php_url_parse_ex Pufferüberlauf vom 81.8 Punkte ic_school_black_18dp
    Es wurde eine kritische Schwachstelle in PHP bis 5.5.37 entdeckt. Dabei betrifft es die Funktion php_url_parse_ex. Durch das Beeinflussen mit einer unbekannten Eingabe kann eine Pufferüberlauf-Schwachstelle ausgenutzt werden. Auswirkungen sind zu beobacht
  • 11. Linux Kernel 3.8 Session Keyring Reference Count Handler process_keys.c join_session_keyring() Pufferüberlauf vom 81.68 Punkte ic_school_black_18dp
    Allgemein scipID: 80353 Betroffen: Linux Kernel 3.8 Veröffentlicht: 19.01.2016 Risiko: kritisch Erstellt: 21.01.2016 Eintrag: 72.3% komplett Beschreibung In Linux Kernel 3.8, ein Betriebssystem, wurde eine kritische Schwachstelle entdeckt. Dabei geht es um die Funkti
  • 12. ISC BIND 9 auf Ubuntu validator.c Denial of Service vom 81.68 Punkte ic_school_black_18dp
    Eine Schwachstelle wurde in ISC BIND 9 auf Ubuntu gefunden. Sie wurde als problematisch eingestuft. Davon betroffen ist eine unbekannte Funktion der Datei validator.c. Durch Manipulation mit einer unbekannten Eingabe kann eine Denial of Service-Schwachstelle (Crash) ausg