Security: Multiple issues in PHP (update)
Name: Multiple issues in PHP (update)
ID: USN-3566-2
Distribution: Ubuntu
Platforms: Ubuntu 12.04 ESM, Ubuntu 14.04 ESM
Date: Wed, 22 May 2019, 15:37
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20783
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10712
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12933
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11362
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11036
Applications: PHP
Update of: Multiple issues in PHP

Original message


==========================================================================
Ubuntu Security Notice USN-3566-2
May 22, 2019

php5 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 ESM
- Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in PHP.

Software Description:
- php5: HTML-embedded scripting language interpreter

Details:

USN-3566-1 fixed several vulnerabilities in PHP. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

It was discovered that PHP incorrectly handled certain files. An
attacker could possibly use this issue to access sensitive information.
(CVE-2018-20783)

It was discovered that PHP incorrectly handled certain files. An
attacker could possibly use this issue to access sensitive information
or possibly cause a crash, resulting in a denial of service.
(CVE-2019-11036)

Original advisory details:

It was discovered that PHP incorrectly handled memory when
unserializing certain data. A remote attacker could use this issue to
cause PHP to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 12.04 ESM.
(CVE-2017-12933)

It was discovered that PHP incorrectly handled locale length. A remote
attacker could possibly use this issue to cause PHP to crash,
resulting in a denial of service. This issue only affected Ubuntu
12.04 ESM. (CVE-2017-11362)

It was discovered that PHP incorrectly handled certain stream
metadata. A remote attacker could possibly use this issue to set
arbitrary metadata. This issue only affected Ubuntu 12.04 ESM.
(CVE-2016-10712)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.29+esm2
php5-cgi 5.5.9+dfsg-1ubuntu4.29+esm2
php5-cli 5.5.9+dfsg-1ubuntu4.29+esm2
php5-fpm 5.5.9+dfsg-1ubuntu4.29+esm2

Ubuntu 12.04 ESM:
libapache2-mod-php5 5.3.10-1ubuntu3.36
php5-cgi 5.3.10-1ubuntu3.36
php5-cli 5.3.10-1ubuntu3.36
php5-fpm 5.3.10-1ubuntu3.36

In general, a standard system update will make all the necessary
changes.

References:
https://usn.ubuntu.com/usn/usn-3566-2
https://usn.ubuntu.com/usn/usn-3566-1
CVE-2016-10712, CVE-2017-11362, CVE-2017-12933, CVE-2018-20783,
CVE-2019-11036