drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in PHP
Name: |
Zwei Probleme in PHP |
|
ID: |
USN-2786-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, Ubuntu 15.04, Ubuntu 15.10 |
|
Datum: |
Mi, 28. Oktober 2015, 17:12 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7804
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7803 |
|
Applikationen: |
PHP |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============6542666865749788332== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="T3WX7axreNdIpKAmo2LJ4QAXDavdHpdH4"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --T3WX7axreNdIpKAmo2LJ4QAXDavdHpdH4 Content-Type: text/plain; charset=utf- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-2786-1 October 28, 2015
php5 vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10 - Ubuntu 15.04 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS
Summary:
PHP could be made to crash if it processed a specially crafted file.
Software Description: - php5: HTML-embedded scripting language interpreter
Details:
It was discovered that the PHP phar extension incorrectly handled certain files. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2015-7803, CVE-2015-7804)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.10: libapache2-mod-php5 5.6.11+dfsg-1ubuntu3.1 php5-cgi 5.6.11+dfsg-1ubuntu3.1 php5-cli 5.6.11+dfsg-1ubuntu3.1 php5-fpm 5.6.11+dfsg-1ubuntu3.1
Ubuntu 15.04: libapache2-mod-php5 5.6.4+dfsg-4ubuntu6.4 php5-cgi 5.6.4+dfsg-4ubuntu6.4 php5-cli 5.6.4+dfsg-4ubuntu6.4 php5-fpm 5.6.4+dfsg-4ubuntu6.4
Ubuntu 14.04 LTS: libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.14 php5-cgi 5.5.9+dfsg-1ubuntu4.14 php5-cli 5.5.9+dfsg-1ubuntu4.14 php5-fpm 5.5.9+dfsg-1ubuntu4.14
Ubuntu 12.04 LTS: libapache2-mod-php5 5.3.10-1ubuntu3.21 php5-cgi 5.3.10-1ubuntu3.21 php5-cli 5.3.10-1ubuntu3.21 php5-fpm 5.3.10-1ubuntu3.21
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-2786-1 CVE-2015-7803, CVE-2015-7804
Package Information: https://launchpad.net/ubuntu/+source/php5/5.6.11+dfsg-1ubuntu3.1 https://launchpad.net/ubuntu/+source/php5/5.6.4+dfsg-4ubuntu6.4 https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.14 https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.21
--T3WX7axreNdIpKAmo2LJ4QAXDavdHpdH4 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2
iQIcBAEBCgAGBQJWMNZrAAoJEGVp2FWnRL6TGhUP/RbdEygSl9prIt3SfxoXgoQn FuDXWw7FUj6yf6R2WPfhkiP0000r4tDPxB1XH7La9PF8NRs8Rp0u/Tnj6co6Kaqs glJ5Lrxv6NYhfRDXP4Z6edsDbHm5vDxPBgox6NIPwvwCPmU/eh8k53OQJarwsZRI QrEhvM2KD/LFWG8eBiRhhpkMWeg97BEfls/g6xqOO5TQr0bml5QDKl6OXUPMHKXn phgrCzV7E6tCmfMDakJs3OeZCjXJ5DBT0zoft6IFbJWSQY4nZb/lLP3bntG/YxPi +34R5IU5++ObmpsTKJydSkc+mGbjMlXUNJELfyijbx29eE40evZMFnLI6ePgkkuh bzff2a6g9zNhshIViv+hD2+7nrIHloeNulUbEcBdM+W+e1Q1CZc0rpN9nZIsWGFk EA+NcBoanPxVPIFfwfdbduVE6UFEl1JdTRcIhPcWNM+2vVKu//5N7qHbz04qsK0n SnQ4opNJHwXRD0nBgK4CAsF5zzYg8KgEOHo5a1DzngKw0IPvjPhW0djUGotU1jza N+MYSBhDcXTXC6fCcLHgBSJD0clZqFMwmz2oLBZUVnkY3h6fAGnih6In3eEmLe0D s+2Gpej/m7TJchgONyxz4pLs/48weB522477xp+ihLVhWZ9HxqqFVFIeNw7h/gbj NHyUjqbg+GGP07wyy0hd =cTZL -----END PGP SIGNATURE-----
--T3WX7axreNdIpKAmo2LJ4QAXDavdHpdH4--
--===============6542666865749788332== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============6542666865749788332==--
|
|
|
|