==========================================================================
Ubuntu Security Notice USN-4097-1
August 13, 2019
php7.0, php7.2 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 19.04
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
Summary:
PHP could be made to crash or execute arbitrary code if it
received specially crafted image.
Software Description:
– php7.2: HTML-embedded scripting language interpreter
– php7.0: HTML-embedded scripting language interpreter
Details:
It was discovered that PHP incorrectly handled certain images.
An attacker could possibly use this issue to cause a denial of service
or execute arbitrary code. (CVE-2019-11041, CVE-2019-11042)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 19.04:
libapache2-mod-php7.2 7.2.19-0ubuntu0.19.04.2
php7.2-cgi 7.2.19-0ubuntu0.19.04.2
php7.2-cli 7.2.19-0ubuntu0.19.04.2
php7.2-fpm 7.2.19-0ubuntu0.19.04.2
php7.2-xmlrpc 7.2.19-0ubuntu0.19.04.2
Ubuntu 18.04 LTS:
libapache2-mod-php7.2 7.2.19-0ubuntu0.18.04.2
php7.2-cgi 7.2.19-0ubuntu0.18.04.2
php7.2-cli 7.2.19-0ubuntu0.18.04.2
php7.2-fpm 7.2.19-0ubuntu0.18.04.2
php7.2-xmlrpc 7.2.19-0ubuntu0.18.04.2
Ubuntu 16.04 LTS:
libapache2-mod-php7.0 7.0.33-0ubuntu0.16.04.6
php7.0-cgi 7.0.33-0ubuntu0.16.04.6
php7.0-cli 7.0.33-0ubuntu0.16.04.6
php7.0-fpm 7.0.33-0ubuntu0.16.04.6
php7.0-xmlrpc 7.0.33-0ubuntu0.16.04.6
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4097-1
CVE-2019-11041, CVE-2019-11042
Package Information:
https://launchpad.net/ubuntu/+source/php7.2/7.2.19-0ubuntu0.19.04.2
https://launchpad.net/ubuntu/+source/php7.2/7.2.19-0ubuntu0.18.04.2
https://launchpad.net/ubuntu/+source/php7.0/7.0.33-0ubuntu0.16.04.6
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBAgAGBQJdUweiAAoJEEW851uECx9pW88QAKpWQBr/h4+HP4q0BorAas4q
55QXU4zmEUewG/U0qJ/+Qlo+K4GQ5TXJW+YJgRbAGcYcbcoqYSkOYk4YIarPI4uN
HBpwmZHEx2L6SU90LiW6yzbShSFk1+efPHHHDRPrYKTV/fq/3FKoYEwT0jgvVdJ+
nvjGhRQG96vL7BET3aLZcRzhrnuKSqARxk51HmEXoUXnKfY/GuMZTvVFr+Bed6P7
FfIApa86HvSRd+SxwjLQed8BM/XJNG9EvUEOIiOjNunDnntF4X4smEotlrgziZ9t
3oqSe26GcPZy4ZN8L4Byr73+gYwZc6jyIsCSsgl9Va6BXKdeyNGhI80tc7Ph0G91
wg0AoXu0pfmEcoPysndTIAOn5KwFlsnY1KhreJvD+gpUCxPeDk9UJFkng4+WNnT7
h1gmEJYa8AeU8IMy1A6hv0zELSyD8bJ2cTQ+i+IbZG099jsH6LTECMhDtya3VkEf
5oMuQmvGTRGh3OrXfPsIOXdr+tV7SptJwuZq1nOQwcfXti+rUkKgy5HM/R1TYurO
5c3Ni9piJMWct1Ex918hyAPL1PuU+cstNG94hQjACV30Eqf508sEesZXWt6mWeJ/
qv7M64eXeCFUgyQLHlnq2dnfZsi38juBJq9sKSWMN5zBFVqHnOWiPXIq24tj7ZVH
z/YpS4gbJqZ4pr+fbm3J
=aJzL
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-4097-2
August 13, 2019
php5 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 14.04 ESM
– Ubuntu 12.04 ESM
Summary:
PHP could be made to crash or execute arbitrary code if it
received specially crafted image.
Software Description:
– php5: HTML-embedded scripting language interpreter
Details:
USN-4097-1 fixed several vulnerabilities in php5. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
Original advisory details:
It was discovered that PHP incorrectly handled certain images.
An attacker could possibly use this issue to cause a denial of service
or execute arbitrary code. (CVE-2019-11041, CVE-2019-11042)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 ESM:
libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.29+esm5
php5-cgi 5.5.9+dfsg-1ubuntu4.29+esm5
php5-cli 5.5.9+dfsg-1ubuntu4.29+esm5
php5-fpm 5.5.9+dfsg-1ubuntu4.29+esm5
php5-xmlrpc 5.5.9+dfsg-1ubuntu4.29+esm5
Ubuntu 12.04 ESM:
libapache2-mod-php5 5.3.10-1ubuntu3.39
php5-cgi 5.3.10-1ubuntu3.39
php5-cli 5.3.10-1ubuntu3.39
php5-fpm 5.3.10-1ubuntu3.39
php5-xmlrpc 5.3.10-1ubuntu3.39
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4097-2
https://usn.ubuntu.com/4097-1
CVE-2019-11041, CVE-2019-11042
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBAgAGBQJdUxewAAoJEEW851uECx9py6sP/Rn+2srC3ZixWAOOS4xyoDxR
vjV8WkB5cyHm67Bj3D6dBDDvdHLtaxtWUZOwIZHWFHlX081x7PKXRw3KMgdgu2UT
T3/3J+w0vKvzCoo0NRP1948Zd18zrSNumTuaCDQMKKeyI96Bctuq32sVpGNWM5Us
sMQYINmTyfUDXhqPyspXyjZhE/GAC/7EyJostjh3LlVz6qWrh1164brWD2jqK22v
V1lsobrsuzHZFo3HEvJ7W0USQ2gyjKjh0Xmb/BtWYrkTr050HSWGCe4l7szvSdJV
TD74D4CGNvvbxuRBXtXFqPUVBq7dt56l9hYQQDVqpQGjdVjFXynGKzqhWqI3glJV
bKp/dXZ1g/VSzAcnkFl76VRMG3Qy579VWffPo6pAlbB5X7f6j65udRUUWzPvDOPA
9TMBgEbO73b7g0mNHuCGdfOIpwNMo7rGbZ5LDLk+DF9EmQlF+I7xCQf+gap7GruV
077TItWFNASGSwfcbLS4bf951bAH/gIny2T6GMpBoPuHGkhrJNq2Cc7gWP/n4JHV
AXcGtUriiye8epNHUeI8SRWMAlvgLPoI0wBV5WD8mD1fK+UfcF5CsvFfCzzbQ4of
FlHlumtXi9L7Q1eSV5huCl/T32DzFndMNjLztSUlKRi6sI/oMZbzbKIq3eNqLSE5
e6RR+4tas4dwYwr+sAl/
=umE8
—–END PGP SIGNATURE—–
—