SecurityHome.eu [USN-3045-1] PHP vulnerabilities

Home / mailings PDF

[USN-3045-1] PHP vulnerabilities
Posted on 02 August 2016
Ubuntu Security
==========================
==========================
========================
Ubuntu Security Notice USN-3045-1
August 02, 2016

php5, php7.0 vulnerabilities
==========================
==========================
========================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in PHP.

Software Description:
- php7.0: HTML-embedded scripting language interpreter
- php5: HTML-embedded scripting language interpreter

Details:

It was discovered that PHP incorrectly handled certain SplMinHeap::compar=
e
operations. A remote attacker could use this issue to cause PHP to crash,=

resulting in a denial of service, or possibly execute arbitrary code. Thi=
s
issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-4116=
)

It was discovered that PHP incorrectly handled recursive method calls. A
remote attacker could use this issue to cause PHP to crash, resulting in =
a
denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu
14.04 LTS. (CVE-2015-8873)

It was discovered that PHP incorrectly validated certain Exception object=
s
when unserializing data. A remote attacker could use this issue to cause
PHP to crash, resulting in a denial of service, or possibly execute
arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.0=
4
LTS. (CVE-2015-8876)

It was discovered that PHP header() function performed insufficient
filtering for Internet Explorer. A remote attacker could possibly use thi=
s
issue to perform a XSS attack. This issue only affected Ubuntu 12.04 LTS
and Ubuntu 14.04 LTS. (CVE-2015-8935)

It was discovered that PHP incorrectly handled certain locale operations.=

An attacker could use this issue to cause PHP to crash, resulting in a
denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu
14.04 LTS. (CVE-2016-5093)

It was discovered that the PHP php_html_entities() function incorrectly
handled certain string lengths. A remote attacker could use this issue to=

cause PHP to crash, resulting in a denial of service, or possibly execute=

arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.0=
4
LTS. (CVE-2016-5094, CVE-2016-5095)

It was discovered that the PHP fread() function incorrectly handled certa=
in
lengths. An attacker could use this issue to cause PHP to crash, resultin=
g
in a denial of service, or possibly execute arbitrary code. This issue on=
ly
affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5096)

It was discovered that the PHP FastCGI Process Manager (FPM) SAPI
incorrectly handled memory in the access logging feature. An attacker cou=
ld
use this issue to cause PHP to crash, resulting in a denial of service, o=
r
possibly expose sensitive information. This issue only affected Ubuntu
12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5114)

It was discovered that PHP would not protect applications from contents o=
f
the HTTP_PROXY environment variable when based on the contents of the Pro=
xy
header from HTTP requests. A remote attacker could possibly use this issu=
e
in combination with scripts that honour the HTTP_PROXY variable to redire=
ct
outgoing HTTP requests. (CVE-2016-5385)

Hans Jerry Illikainen discovered that the PHP bzread() function incorrect=
ly
performed error handling. A remote attacker could use this issue to cause=

PHP to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2016-5399)

It was discovered that certain PHP multibyte string functions incorrectly=

handled memory. A remote attacker could use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 14.04 LTS. (CVE-2016-5768)

It was discovered that the PHP Mcrypt extension incorrectly handled memor=
y.
A remote attacker could use this issue to cause PHP to crash, resulting i=
n
a denial of service, or possibly execute arbitrary code. This issue only
affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5769)

It was discovered that the PHP garbage collector incorrectly handled
certain objects when unserializing malicious data. A remote attacker coul=
d
use this issue to cause PHP to crash, resulting in a denial of service, o=
r
possibly execute arbitrary code. This issue was only addressed in Ubuntu
Ubuntu 14.04 LTS. (CVE-2016-5771, CVE-2016-5773)

It was discovered that PHP incorrectly handled memory when unserializing
malicious xml data. A remote attacker could use this issue to cause PHP t=
o
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.
(CVE-2016-5772)

It was discovered that the PHP php_url_parse_ex() function incorrectly
handled string termination. A remote attacker could use this issue to cau=
se
PHP to crash, resulting in a denial of service, or possibly execute
arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.0=
4
LTS. (CVE-2016-6288)

It was discovered that PHP incorrectly handled path lengths when extracti=
ng
certain Zip archives. A remote attacker could use this issue to cause PHP=

to crash, resulting in a denial of service, or possibly execute arbitrary=

code. (CVE-2016-6289)

It was discovered that PHP incorrectly handled session deserialization. A=

remote attacker could use this issue to cause PHP to crash, resulting in =
a
denial of service, or possibly execute arbitrary code. (CVE-2016-6290)

It was discovered that PHP incorrectly handled exif headers when processi=
ng
certain JPEG images. A remote attacker could use this issue to cause PHP =
to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2016-6291, CVE-2016-6292)

It was discovered that PHP incorrectly handled certain locale operations.=
A
remote attacker could use this issue to cause PHP to crash, resulting in =
a
denial of service, or possibly execute arbitrary code. (CVE-2016-6294)

It was discovered that the PHP garbage collector incorrectly handled
certain objects when unserializing SNMP data. A remote attacker could use=

this issue to cause PHP to crash, resulting in a denial of service, or
possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LT=
S
and Ubuntu 16.04 LTS. (CVE-2016-6295)

It was discovered that the PHP xmlrpc_encode_request() function incorrect=
ly
handled certain lengths. An attacker could use this issue to cause PHP to=

crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2016-6296)

It was discovered that the PHP php_stream_zip_opener() function incorrect=
ly
handled memory. An attacker could use this issue to cause PHP to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2016-6297)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
libapache2-mod-php7.0 7.0.8-0ubuntu0.16.04.2
php7.0-cgi 7.0.8-0ubuntu0.16.04.2
php7.0-cli 7.0.8-0ubuntu0.16.04.2
php7.0-fpm 7.0.8-0ubuntu0.16.04.2

Ubuntu 14.04 LTS:
libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.19
php5-cgi 5.5.9+dfsg-1ubuntu4.19
php5-cli 5.5.9+dfsg-1ubuntu4.19
php5-fpm 5.5.9+dfsg-1ubuntu4.19

Ubuntu 12.04 LTS:
libapache2-mod-php5 5.3.10-1ubuntu3.24
php5-cgi 5.3.10-1ubuntu3.24
php5-cli 5.3.10-1ubuntu3.24
php5-fpm 5.3.10-1ubuntu3.24

In general, a standard system update will make all the necessary changes.=

References:
http://www.ubuntu.com/usn/usn-3045-1
CVE-2015-4116, CVE-2015-8873, CVE-2015-8876, CVE-2015-8935,
CVE-2016-5093, CVE-2016-5094, CVE-2016-5095, CVE-2016-5096,
CVE-2016-5114, CVE-2016-5385, CVE-2016-5399, CVE-2016-5768,
CVE-2016-5769, CVE-2016-5771, CVE-2016-5772, CVE-2016-5773,
CVE-2016-6288, CVE-2016-6289, CVE-2016-6290, CVE-2016-6291,
CVE-2016-6292, CVE-2016-6294, CVE-2016-6295, CVE-2016-6296,
CVE-2016-6297

Package Information:
https://launchpad.net/ubuntu/+source/php7.0/7.0.8-0ubuntu0.16.04.2
https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.19
https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.24

--Uaf78lxFPsaQuxmbb5wkpqQ0nhG800Nu5--

TOP

Mailings :

Last 20

Exploits :

Last 20