User: Password:
Subscribe / Log in / New account

Ubuntu alert USN-2254-1 (php5)

From:  Marc Deslauriers <>
Subject:  [USN-2254-1] PHP vulnerabilities
Date:  Mon, 23 Jun 2014 08:37:54 -0400
Message-ID:  <>

========================================================================== Ubuntu Security Notice USN-2254-1 June 23, 2014 php5 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 LTS - Ubuntu 13.10 - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS Summary: Several security issues were fixed in PHP. Software Description: - php5: HTML-embedded scripting language interpreter Details: Christian Hoffmann discovered that the PHP FastCGI Process Manager (FPM) set incorrect permissions on the UNIX socket. A local attacker could use this issue to possibly elevate their privileges. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-0185) Francisco Alonso discovered that the PHP Fileinfo component incorrectly handled certain CDF documents. A remote attacker could use this issue to cause PHP to hang or crash, resulting in a denial of service. (CVE-2014-0237, CVE-2014-0238) Stefan Esser discovered that PHP incorrectly handled DNS TXT records. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-4049) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS: libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.1 php5-cgi 5.5.9+dfsg-1ubuntu4.1 php5-cli 5.5.9+dfsg-1ubuntu4.1 php5-fpm 5.5.9+dfsg-1ubuntu4.1 Ubuntu 13.10: libapache2-mod-php5 5.5.3+dfsg-1ubuntu2.4 php5-cgi 5.5.3+dfsg-1ubuntu2.4 php5-cli 5.5.3+dfsg-1ubuntu2.4 php5-fpm 5.5.3+dfsg-1ubuntu2.4 Ubuntu 12.04 LTS: libapache2-mod-php5 5.3.10-1ubuntu3.12 php5-cgi 5.3.10-1ubuntu3.12 php5-cli 5.3.10-1ubuntu3.12 php5-fpm 5.3.10-1ubuntu3.12 Ubuntu 10.04 LTS: libapache2-mod-php5 5.3.2-1ubuntu4.25 php5-cgi 5.3.2-1ubuntu4.25 php5-cli 5.3.2-1ubuntu4.25 In general, a standard system update will make all the necessary changes. References: CVE-2014-0185, CVE-2014-0237, CVE-2014-0238, CVE-2014-4049 Package Information: -- ubuntu-security-announce mailing list Modify settings or unsubscribe at:

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds