drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in PHP (Aktualisierung)
Name: |
Mehrere Probleme in PHP (Aktualisierung) |
|
ID: |
USN-3566-2 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 12.04 ESM, Ubuntu 14.04 ESM |
|
Datum: |
Mi, 22. Mai 2019, 15:37 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20783
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10712
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12933
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11362
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11036 |
|
Applikationen: |
PHP |
|
Update von: |
Mehrere Probleme in PHP |
|
Originalnachricht |
--===============6493285482378430449== Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="=-HjlJwgoNHvpWgYm0L25j"
--=-HjlJwgoNHvpWgYm0L25j Content-Type: text/plain; charset="UTF-8 Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-3566-2 May 22, 2019
php5 vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 ESM - Ubuntu 12.04 ESM
Summary:
Several security issues were fixed in PHP.
Software Description: - php5: HTML-embedded scripting language interpreter
Details:
USN-3566-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. (CVE-2018-20783)
It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information or possibly cause a crash, resulting in a denial of service. (CVE-2019-11036)
Original advisory details:
It was discovered that PHP incorrectly handled memory when unserializing certain data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 ESM. (CVE-2017-12933)
It was discovered that PHP incorrectly handled locale length. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 ESM. (CVE-2017-11362)
It was discovered that PHP incorrectly handled certain stream metadata. A remote attacker could possibly use this issue to set arbitrary metadata. This issue only affected Ubuntu 12.04 ESM. (CVE-2016-10712)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 ESM: libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.29+esm2 php5-cgi 5.5.9+dfsg-1ubuntu4.29+esm2 php5-cli 5.5.9+dfsg-1ubuntu4.29+esm2 php5-fpm 5.5.9+dfsg-1ubuntu4.29+esm2
Ubuntu 12.04 ESM: libapache2-mod-php5 5.3.10-1ubuntu3.36 php5-cgi 5.3.10-1ubuntu3.36 php5-cli 5.3.10-1ubuntu3.36 php5-fpm 5.3.10-1ubuntu3.36
In general, a standard system update will make all the necessary changes.
References: https://usn.ubuntu.com/usn/usn-3566-2 https://usn.ubuntu.com/usn/usn-3566-1 CVE-2016-10712, CVE-2017-11362, CVE-2017-12933, CVE-2018-20783, CVE-2019-11036 --=-HjlJwgoNHvpWgYm0L25j Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2
iQIcBAABCAAGBQJc5US8AAoJEEW851uECx9pxNsQALZWNbVNi9TbLz8UXr/dE4+6 nQEW2/46TK2ZLJgAsvZfcDtm0DBpYN1XGw7FlUmKHcXA2YcGUF2aVDPaXjT3zWea 2XOT9+Pn/ELHYxNqUYpBgtP8ng+0w+Gp32F98sR99+FYBCq4W1m+MwZiaOrWG6fJ 3HObtUdh42SBdtf7qkyzOnIvBtogZXZhZtGm+n48z7TtzvAUKkOaeL0Fqz/kDEii 4Rw4m9GH99Pj4vmWnYdD02SX+XFmi5jdkiMp0I8pWM5+s1fHZ/8wJ48/PLb0fIpZ uBzIyiXeppX1z7/1M74QdoFcuh2PwrDEzRe4Bbn5YeTvs7iqSoIP4OuhAxxAM+Y8 AK2pkRXRJJOw1VOyq2OY0fvSA0crxjskT2rnZEJWHUdIXihmAMmQHz0yXZP+XYTu yrX37/y20X/1kssxZGwgsp1Q5vUYrvoQ8dSK/k6IhNW93GGZQlfTOJaS3JcyBVmO OBJIdUVQTj09175BgTAQB8BAjyhq3SlBRNB8kGBVN4U68ToJcvm1LQxzHh54IarQ XgP8RaamYjY3wtib9da/qngk6nPaO3uiM/CAl8ikwQjlUL8/MPi3vkedEBDSKrw6 LiHsyFCYjdhWhrjWOrdnNpncd3HWIsUCJPK42nWpK6y1q8kubMFgx0v3IylW+HQE Id0xb/g/3tFpGtm2SeL+ =1t69 -----END PGP SIGNATURE-----
--=-HjlJwgoNHvpWgYm0L25j--
--===============6493285482378430449== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5 LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj dXJpdHktYW5ub3VuY2UK
--===============6493285482378430449==--
|
|
|
|