Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 569
Alerts This Week
Warning Icon 1 569

Ubuntu 14.04 ESM: USN-4009-2 Critical PHP Denial of Service Issues

ubuntu
Calendar Grey June 5, 2019
Dist Ubuntu Esm H88
Significant vulnerabilities in PHP addressed for Ubuntu 14.04 and 12.04 ESM as of June 05, 2019. Check for guidance on updating.
Several security issues were fixed in PHP.

Summary

Several security issues were fixed in PHP.

Software Description:

- php5: HTML-embedded scripting language interpreter

Details:

USN-4009-1 fixed several vulnerabilities in PHP. This update provides

the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

 It was discovered that PHP incorrectly decoding certain MIME headers.

 A remote attacker could possibly use this issue to cause PHP to crash,

 resulting in a denial of service. (CVE-2019-11039)

 It was discovered that PHP incorrectly handled certain exif tags in

 images. A remote attacker could use this issue to cause PHP to crash,

 resulting in a denial of service, or possibly execute arbitrary code.

 (CVE-2019-11040)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
  libapache2-mod-php5             5.5.9+dfsg-1ubuntu4.29+esm3
  php5-cgi                        5.5.9+dfsg-1ubuntu4.29+esm3
  php5-cli                        5.5.9+dfsg-1ubuntu4.29+esm3
  php5-fpm                        5.5.9+dfsg-1ubuntu4.29+esm3

Ubuntu 12.04 ESM:
  libapache2-mod-php5             5.3.10-1ubuntu3.37
  php5-cgi                        5.3.10-1ubuntu3.37
  php5-cli                        5.3.10-1ubuntu3.37
  php5-fpm                        5.3.10-1ubuntu3.37

In general, a standard system update will make all the necessary
changes.

References

    https://ubuntu.com/security/notices/USN-4009-1

  CVE-2019-11039, CVE-2019-11040

Severity
critical
Lowest
Low
Medium
High
Critical

June 05, 2019

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.