Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 538
Alerts This Week
Warning Icon 1 538

Ubuntu 14.04 ESM: USN-3566-2 Critical: PHP Access Issues

ubuntu
Calendar Grey May 22, 2019
Dist Ubuntu Esm H88
A recent patch for PHP in Ubuntu addresses multiple security flaws, mitigating risks of potential data exposure and service disruptions.
Several security issues were fixed in PHP.

Summary

Several security issues were fixed in PHP.

Software Description:

- php5: HTML-embedded scripting language interpreter

Details:

USN-3566-1 fixed several vulnerabilities in PHP. This update provides

the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

It was discovered that PHP incorrectly handled certain files. An

attacker could possibly use this issue to access sensitive information.

(CVE-2018-20783)

It was discovered that PHP incorrectly handled certain files. An

attacker could possibly use this issue to access sensitive information

or possibly cause a crash, resulting in a denial of service. 

(CVE-2019-11036)

Original advisory details:

 It was discovered that PHP incorrectly handled memory when

 unserializing certain data. A remote attacker could use this issue to

 cause PHP to crash, resulting in a denial of service, or possibly

 execute arbitrary code. This issue only affected Ubuntu 12.04 ESM.

 (CVE-2017-12933)

 It was ...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
  libapache2-mod-php5             5.5.9+dfsg-1ubuntu4.29+esm2
  php5-cgi                        5.5.9+dfsg-1ubuntu4.29+esm2
  php5-cli                        5.5.9+dfsg-1ubuntu4.29+esm2
  php5-fpm                        5.5.9+dfsg-1ubuntu4.29+esm2

Ubuntu 12.04 ESM:
  libapache2-mod-php5             5.3.10-1ubuntu3.36
  php5-cgi                        5.3.10-1ubuntu3.36
  php5-cli                        5.3.10-1ubuntu3.36
  php5-fpm                        5.3.10-1ubuntu3.36

In general, a standard system update will make all the necessary
changes.

References

  https://ubuntu.com/security/notices/USN-3566-2

  https://ubuntu.com/security/notices/USN-3566-1

  CVE-2016-10712, CVE-2017-11362, CVE-2017-12933, CVE-2018-20783,

  CVE-2019-11036

Severity
critical
Lowest
Low
Medium
High
Critical

May 22, 2019

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.