Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:30361
HistoryMar 13, 2014 - 12:00 a.m.

USN-2126-1] PHP vulnerabilities

2014-03-1300:00:00
vulners.com
46
JSON

==========================================================================
Ubuntu Security Notice USN-2126-1
March 03, 2014

php5 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 13.10
  • Ubuntu 12.10
  • Ubuntu 12.04 LTS
  • Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in PHP.

Software Description:

  • php5: HTML-embedded scripting language interpreter

Details:

Bernd Melchers discovered that PHP's embedded libmagic library incorrectly
handled indirect offset values. An attacker could use this issue to cause
PHP to consume resources or crash, resulting in a denial of service.
(CVE-2014-1943)

It was discovered that PHP incorrectly handled certain values when using
the imagecrop function. An attacker could possibly use this issue to cause
PHP to crash, resulting in a denial of service, obtain sensitive
information, or possibly execute arbitrary code. This issue only affected
Ubuntu 13.10. (CVE-2013-7226, CVE-2013-7327, CVE-2013-7328, CVE-2014-2020)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.10:
libapache2-mod-php5 5.5.3+dfsg-1ubuntu2.2
php5-cgi 5.5.3+dfsg-1ubuntu2.2
php5-cli 5.5.3+dfsg-1ubuntu2.2
php5-gd 5.5.3+dfsg-1ubuntu2.2

Ubuntu 12.10:
libapache2-mod-php5 5.4.6-1ubuntu1.7
php5-cgi 5.4.6-1ubuntu1.7
php5-cli 5.4.6-1ubuntu1.7
php5-gd 5.4.6-1ubuntu1.7

Ubuntu 12.04 LTS:
libapache2-mod-php5 5.3.10-1ubuntu3.10
php5-cgi 5.3.10-1ubuntu3.10
php5-cli 5.3.10-1ubuntu3.10
php5-gd 5.3.10-1ubuntu3.10

Ubuntu 10.04 LTS:
libapache2-mod-php5 5.3.2-1ubuntu4.23
php5-cgi 5.3.2-1ubuntu4.23
php5-cli 5.3.2-1ubuntu4.23
php5-gd 5.3.2-1ubuntu4.23

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2126-1
CVE-2013-7226, CVE-2013-7327, CVE-2013-7328, CVE-2014-1943,
CVE-2014-2020

Package Information:
https://launchpad.net/ubuntu/+source/php5/5.5.3+dfsg-1ubuntu2.2
https://launchpad.net/ubuntu/+source/php5/5.4.6-1ubuntu1.7
https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.10
https://launchpad.net/ubuntu/+source/php5/5.3.2-1ubuntu4.23

– ubuntu-security-announce mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

Related

nessus 37
openvas 37
ubuntu 2
f5 6
amazon 3
ubuntucve 5
prion 5
cve 5
securityvulns 7
seebug 3
hackerone 1
checkpoint_advisories 1
veracode 4
debian 4
osv 2
fedora 10
gentoo 2
debiancve 1
freebsd 2
slackware 1
mageia 3
freebsd_advisory 1
redhat 3
oraclelinux 2
centos 2
rosalinux 1
nessus
nessus
Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 : php5 vulnerabilities (USN-2126-1)
2014-03-04 00:00:00
PHP 5.5.x < 5.5.9 GD Extension Multiple Vulnerabilities
2014-02-14 00:00:00
PHP 5.5.x < 5.5.9 GD Extension Multiple Vulnerabilities
2014-02-14 00:00:00
openvas
openvas
Ubuntu Update for php5 USN-2126-1
2014-03-04 00:00:00
Ubuntu Update for php5 USN-2126-1
2014-03-04 00:00:00
PHP Multiple Vulnerabilities - 01 - May14
2014-05-09 00:00:00
ubuntu
ubuntu
PHP vulnerabilities
2014-03-03 00:00:00
file vulnerabilities
2014-02-26 00:00:00
f5
f5
SOL15653 - Multiple PHP vulnerabilities
2014-10-02 00:00:00
K15653 : Multiple PHP vulnerabilities
2014-10-02 00:00:00
SOL15648 - PHP vulnerability CVE-2014-2020
2014-10-02 00:00:00
amazon
amazon
Important: php55
2014-03-24 23:37:00
Medium: file
2014-03-13 18:12:00
Medium: php54
2014-03-24 23:37:00
ubuntucve
ubuntucve
CVE-2013-7328
2014-02-18 00:00:00
CVE-2013-7327
2014-02-18 00:00:00
CVE-2014-2020
2014-02-18 00:00:00
prion
prion
Integer overflow
2014-02-18 11:55:00
Null pointer dereference
2014-02-18 11:55:00
Design/Logic Flaw
2014-02-18 11:55:00
cve
cve
CVE-2013-7328
2014-02-18 11:55:00
CVE-2013-7327
2014-02-18 11:55:00
CVE-2014-2020
2014-02-18 11:55:00
securityvulns
securityvulns
PHP multiple security vulnerabilities
2014-03-18 00:00:00
[ MDVSA-2014:059 ] php
2014-03-18 00:00:00
python-PGP code execution
2014-06-14 00:00:00
seebug
seebug
PHP 'ext/gd/gd.c'信息泄漏漏洞
2014-02-20 00:00:00
PHP 'ext/gd/gd.c' gdImageCrop整数符号错误漏洞
2014-02-20 00:00:00
PHP 'ext/gd/gd.c' gdImageCrop空指针返回拒绝服务漏洞
2014-02-20 00:00:00
hackerone
hackerone
Internet Bug Bounty: PHP Heap Overflow Vulnerability in imagecrop()
2013-12-27 02:57:00
checkpoint_advisories
checkpoint_advisories
PHP Fileinfo Call Stack Exhaustion Denial of Service (CVE-2014-1943)
2014-05-18 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:04:17
Denial Of Service (DoS)
2019-05-02 05:04:16
Denial Of Service (DoS)
2019-05-02 05:04:17
debian
debian
[SECURITY] [DSA 2861-1] file security update
2014-02-16 14:09:45
[SECURITY] [DSA 2868-1] php5 security update
2014-03-02 19:18:49
[SECURITY] [DSA 2861-1] file security update
2014-02-16 14:09:45
osv
osv
file - denial of service
2014-02-16 00:00:00
php5 - denial of service
2014-03-02 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: file-5.14-15.fc20
2014-02-23 08:38:00
[SECURITY] Fedora 19 Update: file-5.11-12.fc19
2014-03-04 06:44:00
[SECURITY] Fedora 20 Update: file-5.14-17.fc20
2014-03-12 12:31:06
gentoo
gentoo
file: Denial of service
2014-03-13 00:00:00
PHP: Multiple vulnerabilities
2014-08-29 00:00:00
debiancve
debiancve
CVE-2014-1943
2014-02-18 19:55:00
freebsd
freebsd
file -- denial of service
2014-02-16 00:00:00
FreeBSD -- Multiple vulnerabilities in file(1) and libmagic(3)
2014-06-24 00:00:00
slackware
slackware
[slackware-security] php
2014-03-16 03:31:21
mageia
mageia
Updated file package fixes security vulnerability
2014-02-22 23:10:59
Updated php packages fix security vulnerabilities
2014-04-04 21:33:24
Updated php packages fix security vulnerabilities
2014-04-04 16:08:18
freebsd_advisory
freebsd_advisory
FreeBSD-SA-14:16.file
2014-06-24 00:00:00
redhat
redhat
(RHSA-2014:1606) Moderate: file security and bug fix update
2014-10-14 00:00:00
(RHSA-2014:1012) Moderate: php53 and php security update
2014-08-06 00:00:00
(RHSA-2014:1765) Important: php54-php security update
2014-10-30 00:00:00
oraclelinux
oraclelinux
file security and bug fix update
2014-10-15 00:00:00
php53 and php security update
2014-08-06 00:00:00
centos
centos
file, python security update
2014-10-20 18:08:44
php, php53 security update
2014-08-06 14:53:37
rosalinux
rosalinux
Advisory ROSA-SA-2021-1950
2021-07-02 17:57:45
JSON
Related for SECURITYVULNS:DOC:30361
nessus37openvas37ubuntu2f56amazon3ubuntucve5prion5cve5securityvulns7seebug3hackerone1checkpoint_advisories1veracode4debian4osv2fedora10gentoo2debiancve1freebsd2slackware1mageia3freebsd_advisory1redhat3oraclelinux2centos2rosalinux1