Ubuntu 2952-1: PHP vulnerabilities

    Date: 21 Apr 2016
    Category: Ubuntu
    Posted By: LinuxSecurity Advisories
    Several security issues were fixed in PHP.
    ==========================================================================
    Ubuntu Security Notice USN-2952-1
    April 21, 2016
    
    php5 vulnerabilities
    ==========================================================================
    
    A security issue affects these releases of Ubuntu and its derivatives:
    
    - Ubuntu 15.10
    - Ubuntu 14.04 LTS
    - Ubuntu 12.04 LTS
    
    Summary:
    
    Several security issues were fixed in PHP.
    
    Software Description:
    - php5: HTML-embedded scripting language interpreter
    
    Details:
    
    It was discovered that the PHP Zip extension incorrectly handled
    directories when processing certain zip files. A remote attacker could
    possibly use this issue to create arbitrary directories. (CVE-2014-9767)
    
    It was discovered that the PHP Soap client incorrectly validated data
    types. A remote attacker could use this issue to cause PHP to crash,
    resulting in a denial of service, or possibly execute arbitrary code.
    (CVE-2015-8835, CVE-2016-3185)
    
    It was discovered that the PHP MySQL native driver incorrectly handled TLS
    connections to MySQL databases. A man in the middle attacker could possibly
    use this issue to downgrade and snoop on TLS connections. This
    vulnerability is known as BACKRONYM. (CVE-2015-8838)
    
    It was discovered that PHP incorrectly handled the imagerotate function. A
    remote attacker could use this issue to cause PHP to crash, resulting in a
    denial of service, or possibly obtain sensitive information. This issue
    only applied to Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-1903)
    
    Hans Jerry Illikainen discovered that the PHP phar extension incorrectly
    handled certain tar archives. A remote attacker could use this issue to
    cause PHP to crash, resulting in a denial of service, or possibly execute
    arbitrary code. (CVE-2016-2554)
    
    It was discovered that the PHP WDDX extension incorrectly handled certain
    malformed XML data. A remote attacker could possibly use this issue to
    cause PHP to crash, resulting in a denial of service, or possibly execute
    arbitrary code. (CVE-2016-3141)
    
    It was discovered that the PHP phar extension incorrectly handled certain
    zip files. A remote attacker could use this issue to cause PHP to crash,
    resulting in a denial of service, or possibly obtain sensitive information.
    (CVE-2016-3142)
    
    It was discovered that the PHP libxml_disable_entity_loader() setting was
    shared between threads. When running under PHP-FPM, this could result in
    XML external entity injection and entity expansion issues. This issue only
    applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (No CVE number)
    
    It was discovered that the PHP openssl_random_pseudo_bytes() function did
    not return cryptographically strong pseudo-random bytes. (No CVE number)
    
    It was discovered that the PHP Fileinfo component incorrectly handled
    certain magic files. An attacker could use this issue to cause PHP to
    crash, resulting in a denial of service, or possibly execute arbitrary
    code. (CVE number pending)
    
    It was discovered that the PHP php_snmp_error() function incorrectly
    handled string formatting. A remote attacker could use this issue to cause
    PHP to crash, resulting in a denial of service, or possibly execute
    arbitrary code. This issue only applied to Ubuntu 14.04 LTS and Ubuntu
    15.10. (CVE number pending)
    
    It was discovered that the PHP rawurlencode() function incorrectly handled
    large strings. A remote attacker could use this issue to cause PHP to
    crash, resulting in a denial of service. (CVE number pending)
    
    It was discovered that the PHP phar extension incorrectly handled certain
    filenames in archives. A remote attacker could use this issue to cause PHP
    to crash, resulting in a denial of service, or possibly execute arbitrary
    code. (CVE number pending)
    
    It was discovered that the PHP mb_strcut() function incorrectly handled
    string formatting. A remote attacker could use this issue to cause PHP to
    crash, resulting in a denial of service, or possibly execute arbitrary
    code. (CVE number pending)
    
    Update instructions:
    
    The problem can be corrected by updating your system to the following
    package versions:
    
    Ubuntu 15.10:
      libapache2-mod-php5             5.6.11+dfsg-1ubuntu3.2
      php5-cgi                        5.6.11+dfsg-1ubuntu3.2
      php5-cli                        5.6.11+dfsg-1ubuntu3.2
      php5-fpm                        5.6.11+dfsg-1ubuntu3.2
      php5-gd                         5.6.11+dfsg-1ubuntu3.2
      php5-mysqlnd                    5.6.11+dfsg-1ubuntu3.2
      php5-snmp                       5.6.11+dfsg-1ubuntu3.2
    
    Ubuntu 14.04 LTS:
      libapache2-mod-php5             5.5.9+dfsg-1ubuntu4.16
      php5-cgi                        5.5.9+dfsg-1ubuntu4.16
      php5-cli                        5.5.9+dfsg-1ubuntu4.16
      php5-fpm                        5.5.9+dfsg-1ubuntu4.16
      php5-gd                         5.5.9+dfsg-1ubuntu4.16
      php5-mysqlnd                    5.5.9+dfsg-1ubuntu4.16
      php5-snmp                       5.5.9+dfsg-1ubuntu4.16
    
    Ubuntu 12.04 LTS:
      libapache2-mod-php5             5.3.10-1ubuntu3.22
      php5-cgi                        5.3.10-1ubuntu3.22
      php5-cli                        5.3.10-1ubuntu3.22
      php5-fpm                        5.3.10-1ubuntu3.22
      php5-gd                         5.3.10-1ubuntu3.22
      php5-mysqlnd                    5.3.10-1ubuntu3.22
      php5-snmp                       5.3.10-1ubuntu3.22
    
    In general, a standard system update will make all the necessary changes.
    
    References:
      http://www.ubuntu.com/usn/usn-2952-1
      CVE-2014-9767, CVE-2015-8835, CVE-2015-8838, CVE-2016-1903,
      CVE-2016-2554, CVE-2016-3141, CVE-2016-3142, CVE-2016-3185
    
    Package Information:
      https://launchpad.net/ubuntu/+source/php5/5.6.11+dfsg-1ubuntu3.2
      https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.16
      https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.22
    
    
    