Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:30917
HistoryJul 14, 2014 - 12:00 a.m.

[USN-2276-1] PHP vulnerabilities

2014-07-1400:00:00
vulners.com
63
JSON

==========================================================================
Ubuntu Security Notice USN-2276-1
July 09, 2014

php5 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 LTS
  • Ubuntu 13.10
  • Ubuntu 12.04 LTS
  • Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in PHP.

Software Description:

  • php5: HTML-embedded scripting language interpreter

Details:

Francisco Alonso discovered that the PHP Fileinfo component incorrectly
handled certain CDF documents. A remote attacker could use this issue to
cause PHP to hang or crash, resulting in a denial of service.
(CVE-2014-0207, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487)

Stefan Esser discovered that PHP incorrectly handled unserializing SPL
extension objects. An attacker could use this issue to execute arbitrary
code. (CVE-2014-3515)

It was discovered that PHP incorrectly handled certain SPL Iterators. An
attacker could use this issue to cause PHP to crash, resulting in a denial
of service. (CVE-2014-4670)

It was discovered that PHP incorrectly handled certain ArrayIterators. An
attacker could use this issue to cause PHP to crash, resulting in a denial
of service. (CVE-2014-4698)

Stefan Esser discovered that PHP incorrectly handled variable types when
calling phpinfo(). An attacker could use this issue to possibly gain access
to arbitrary memory, possibly containing sensitive information.
(CVE-2014-4721)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.3
php5-cgi 5.5.9+dfsg-1ubuntu4.3
php5-cli 5.5.9+dfsg-1ubuntu4.3
php5-fpm 5.5.9+dfsg-1ubuntu4.3

Ubuntu 13.10:
libapache2-mod-php5 5.5.3+dfsg-1ubuntu2.6
php5-cgi 5.5.3+dfsg-1ubuntu2.6
php5-cli 5.5.3+dfsg-1ubuntu2.6
php5-fpm 5.5.3+dfsg-1ubuntu2.6

Ubuntu 12.04 LTS:
libapache2-mod-php5 5.3.10-1ubuntu3.13
php5-cgi 5.3.10-1ubuntu3.13
php5-cli 5.3.10-1ubuntu3.13
php5-fpm 5.3.10-1ubuntu3.13

Ubuntu 10.04 LTS:
libapache2-mod-php5 5.3.2-1ubuntu4.26
php5-cgi 5.3.2-1ubuntu4.26
php5-cli 5.3.2-1ubuntu4.26

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2276-1
CVE-2014-0207, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480,
CVE-2014-3487, CVE-2014-3515, CVE-2014-4670, CVE-2014-4698,
CVE-2014-4721

Package Information:
https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.3
https://launchpad.net/ubuntu/+source/php5/5.5.3+dfsg-1ubuntu2.6
https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.13
https://launchpad.net/ubuntu/+source/php5/5.3.2-1ubuntu4.26

– ubuntu-security-announce mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

Related

openvas 36
ubuntu 2
nessus 57
debian 6
osv 4
securityvulns 2
mageia 4
f5 6
amazon 4
slackware 2
fedora 3
oraclelinux 6
centos 6
redhat 8
kaspersky 2
veracode 12
ibm 3
ubuntucve 9
cve 9
prion 9
debiancve 5
hackerone 2
checkpoint_advisories 1
freebsd 1
openvas
openvas
Ubuntu Update for php5 USN-2276-1
2014-07-15 00:00:00
Debian Security Advisory DSA 2974-1 (php5 - security update)
2014-07-08 00:00:00
Debian Security Advisory DSA 2974-1 (php5 - security update)
2014-07-08 00:00:00
ubuntu
ubuntu
PHP vulnerabilities
2014-07-09 00:00:00
file vulnerabilities
2014-07-15 00:00:00
nessus
nessus
Ubuntu 14.04 LTS : PHP vulnerabilities (USN-2276-1)
2014-07-10 00:00:00
SuSE 11.3 Security Update : PHP 5.3 (SAT Patch Number 9537)
2014-07-30 00:00:00
Debian DSA-2974-1 : php5 - security update
2014-07-09 00:00:00
debian
debian
[SECURITY] [DSA 2974-1] php5 security update
2014-07-08 21:34:45
[SECURITY] [DSA 2974-1] php5 security update
2014-07-08 21:34:45
[DLA-0018-1] php5 security update
2014-07-23 19:10:58
osv
osv
php5 - security update
2014-07-08 00:00:00
php5 - security update
2014-07-23 00:00:00
file - security update
2014-07-31 00:00:00
securityvulns
securityvulns
file / PHP multiple security vulnerabilities
2014-07-14 00:00:00
APPLE-SA-2014-09-17-3 OS X Mavericks 10.9.5 and Security Update 2014-004
2014-09-21 00:00:00
mageia
mageia
Updated php packages fix multiple vulnerabilities
2014-07-09 02:30:04
Updated file packages fix security vulnerabilities
2014-07-04 22:26:27
Updated php packages fix multiple vulnerabilities
2014-07-09 02:29:20
f5
f5
K15498 : Multiple PHP vulnerabilities
2014-08-12 00:00:00
SOL15498 - Multiple PHP vulnerabilities
2014-08-12 00:00:00
K17313 : PHP vulnerability CVE-2014-4721
2015-10-06 00:00:00
amazon
amazon
Medium: php55
2014-07-09 16:42:00
Medium: php54
2014-07-09 16:24:00
Medium: file
2014-07-23 13:57:00
slackware
slackware
[slackware-security] php
2014-07-12 03:48:04
[slackware-security] php
2014-09-04 22:00:56
fedora
fedora
[SECURITY] Fedora 20 Update: php-5.5.14-1.fc20
2014-06-30 10:25:38
[SECURITY] Fedora 19 Update: php-5.5.14-1.fc19
2014-07-08 00:57:33
[SECURITY] Fedora 20 Update: file-5.19-1.fc20
2014-07-05 14:54:09
oraclelinux
oraclelinux
php security update
2014-08-06 00:00:00
file security and bug fix update
2015-11-23 00:00:00
php53 and php security update
2014-08-06 00:00:00
centos
centos
php security update
2014-08-06 14:38:20
file, python security update
2015-11-30 19:28:42
php, php53 security update
2014-08-06 14:53:37
redhat
redhat
(RHSA-2014:1013) Moderate: php security update
2014-08-06 00:00:00
(RHSA-2014:1766) Important: php55-php security update
2014-10-30 00:00:00
(RHSA-2014:1765) Important: php54-php security update
2014-10-30 00:00:00
kaspersky
kaspersky
KLA10290 DoS vulnerability in PHP
2014-07-10 00:00:00
KLA10289 OSI vulnerability in PHP
2014-07-06 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:04:17
Denial Of Service (DoS)
2019-05-02 05:04:17
Denial Of Service (DoS)
2019-05-02 05:04:16
ibm
ibm
Security Bulletin: Multiple vulnerabilities in file affect PowerKVM
2018-06-18 01:30:43
Security Bulletin: Multiple vulnerabilities in PHP as used by IBM QRadar Incident Forensics 7.2 MR2. (CVE-2014-3515, CVE-2014-4049, CVE-2014-3981, CVE-2014-0238, CVE-2014-0237, CVE-2014-4721)
2018-06-16 21:19:23
Security Bulletin: Multiple vulnerabilities in php affect IBM Flex System Manager (FSM): (CVE-2014-3597, CVE-2014-4721 and CVE-2014-5459)
2019-01-31 01:45:01
ubuntucve
ubuntucve
CVE-2014-4721
2014-07-06 00:00:00
CVE-2014-4698
2014-07-04 00:00:00
CVE-2014-4670
2014-07-04 00:00:00
cve
cve
CVE-2014-4721
2014-07-06 23:55:00
CVE-2014-4698
2014-07-10 11:06:00
CVE-2014-4670
2014-07-10 11:06:00
prion
prion
Type confusion
2014-07-06 23:55:00
Design/Logic Flaw
2014-07-10 11:06:00
Buffer overflow
2014-07-09 11:07:00
debiancve
debiancve
CVE-2014-3478
2014-07-09 11:07:00
CVE-2014-3479
2014-07-09 11:07:00
CVE-2014-3487
2014-07-09 11:07:00
hackerone
hackerone
Internet Bug Bounty: SPL ArrayObject/SPLObjectStorage Unserialization Type Confusion Vulnerabilities
2014-06-20 00:00:00
Gratipay: PHP 5.4.45 is Outdated and Full of Preformance Interupting Arbitrary Code Execution Bugs
2016-04-16 22:49:59
checkpoint_advisories
checkpoint_advisories
PHP unserialize Call SPL ArrayObject and SPLObjectStorage Memory Corruption (CVE-2014-3515)
2014-09-21 00:00:00
freebsd
freebsd
PHP multiple vulnerabilities
2014-08-14 00:00:00
JSON
Related for SECURITYVULNS:DOC:30917
openvas36ubuntu2nessus57debian6osv4securityvulns2mageia4f56amazon4slackware2fedora3oraclelinux6centos6redhat8kaspersky2veracode12ibm3ubuntucve9cve9prion9debiancve5hackerone2checkpoint_advisories1freebsd1