User: Password:
|
|
Subscribe / Log in / New account

Ubuntu alert USN-2254-1 (php5)

From:  Marc Deslauriers <marc.deslauriers@canonical.com>
To:  ubuntu-security-announce@lists.ubuntu.com
Subject:  [USN-2254-1] PHP vulnerabilities
Date:  Mon, 23 Jun 2014 08:37:54 -0400
Message-ID:  <53A81FA2.9070206@canonical.com>

========================================================================== Ubuntu Security Notice USN-2254-1 June 23, 2014 php5 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 LTS - Ubuntu 13.10 - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS Summary: Several security issues were fixed in PHP. Software Description: - php5: HTML-embedded scripting language interpreter Details: Christian Hoffmann discovered that the PHP FastCGI Process Manager (FPM) set incorrect permissions on the UNIX socket. A local attacker could use this issue to possibly elevate their privileges. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-0185) Francisco Alonso discovered that the PHP Fileinfo component incorrectly handled certain CDF documents. A remote attacker could use this issue to cause PHP to hang or crash, resulting in a denial of service. (CVE-2014-0237, CVE-2014-0238) Stefan Esser discovered that PHP incorrectly handled DNS TXT records. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-4049) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS: libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.1 php5-cgi 5.5.9+dfsg-1ubuntu4.1 php5-cli 5.5.9+dfsg-1ubuntu4.1 php5-fpm 5.5.9+dfsg-1ubuntu4.1 Ubuntu 13.10: libapache2-mod-php5 5.5.3+dfsg-1ubuntu2.4 php5-cgi 5.5.3+dfsg-1ubuntu2.4 php5-cli 5.5.3+dfsg-1ubuntu2.4 php5-fpm 5.5.3+dfsg-1ubuntu2.4 Ubuntu 12.04 LTS: libapache2-mod-php5 5.3.10-1ubuntu3.12 php5-cgi 5.3.10-1ubuntu3.12 php5-cli 5.3.10-1ubuntu3.12 php5-fpm 5.3.10-1ubuntu3.12 Ubuntu 10.04 LTS: libapache2-mod-php5 5.3.2-1ubuntu4.25 php5-cgi 5.3.2-1ubuntu4.25 php5-cli 5.3.2-1ubuntu4.25 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-2254-1 CVE-2014-0185, CVE-2014-0237, CVE-2014-0238, CVE-2014-4049 Package Information: https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubu... https://launchpad.net/ubuntu/+source/php5/5.5.3+dfsg-1ubu... https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.12 https://launchpad.net/ubuntu/+source/php5/5.3.2-1ubuntu4.25 -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security...


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds