Ubuntu 14.04 LTS USN-2344-1 Critical: PHP5 Buffer Overflow
Sep 10, 2014
•
LinuxSecurity Advisories
1 - 2 min read
php5 could be made to crash or run programs if it receivedspecially crafted network traffic.
=========================================================================Ubuntu Security Notice USN-2344-1 September 10, 2014 php5 vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS Summary: php5 could be made to crash or run programs if it received specially crafted network traffic. Software Description: - php5: HTML-embedded scripting language interpreter Details: It was discovered that the Fileinfo component in php5 contains an integer overflow. An attacker could use this flaw to cause a denial of service or possibly execute arbitrary code via a crafted CDF file. (CVE-2014-3587) It was discovered that the php_parserr function contains multiple buffer overflows. An attacker could use this flaw to cause a denial of service or possibly execute arbitrary code via crafted DNS records. (CVE-2014-3597) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS: libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.4 php5 5.5.9+dfsg-1ubuntu4.4 php5-cgi 5.5.9+dfsg-1ubuntu4.4 php5-fpm 5.5.9+dfsg-1ubuntu4.4 Ubuntu 12.04 LTS: libapache2-mod-php5 5.3.10-1ubuntu3.14 php5 5.3.10-1ubuntu3.14 php5-cgi 5.3.10-1ubuntu3.14 php5-fpm 5.3.10-1ubuntu3.14 Ubuntu 10.04 LTS: libapache2-mod-php5 5.3.2-1ubuntu4.27 php5 5.3.2-1ubuntu4.27 php5-cgi 5.3.2-1ubuntu4.27 After a standard system update you need to restart Apache or php5-fpm to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-2344-1 CVE-2014-3587, CVE-2014-3597 Package Information: https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.4 https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.14 https://launchpad.net/ubuntu/+source/php5/5.3.2-1ubuntu4.27
PREVIOUS
NEXT
Ubuntu 14.04 LTS USN-2344-1 Critical: PHP5 Buffer Overflow
ubuntu
September 10, 2014
php5 could be made to crash or run programs if it receivedspecially crafted network traffic.
Summary
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS: libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.4 php5 5.5.9+dfsg-1ubuntu4.4 php5-cgi 5.5.9+dfsg-1ubuntu4.4 php5-fpm 5.5.9+dfsg-1ubuntu4.4 Ubuntu 12.04 LTS: libapache2-mod-php5 5.3.10-1ubuntu3.14 php5 5.3.10-1ubuntu3.14 php5-cgi 5.3.10-1ubuntu3.14 php5-fpm 5.3.10-1ubuntu3.14 Ubuntu 10.04 LTS: libapache2-mod-php5 5.3.2-1ubuntu4.27 php5 5.3.2-1ubuntu4.27 php5-cgi 5.3.2-1ubuntu4.27 After a standard system update you need to restart Apache or php5-fpm to make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-2344-1
CVE-2014-3587, CVE-2014-3597
Severity
critical
Lowest
Low
Medium
High
Critical
September 10, 2014
Package Information
https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.4 https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.14 https://launchpad.net/ubuntu/+source/php5/5.3.2-1ubuntu4.27
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!