You are here
Home > Preporuke > Sigurnosni nedostaci programskih paketa php5 i php7

Sigurnosni nedostaci programskih paketa php5 i php7

by - 0

==========================================================================
Ubuntu Security Notice USN-3902-1
March 06, 2019

php5, php7.0 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in PHP.

Software Description:
– php7.0: HTML-embedded scripting language interpreter
– php5: HTML-embedded scripting language interpreter

Details:

It was discovered that the PHP XML-RPC module incorrectly handled decoding
XML data. A remote attacker could possibly use this issue to cause PHP to
crash, resulting in a denial of service. (CVE-2019-9020, CVE-2019-9024)

It was discovered that the PHP PHAR module incorrectly handled certain
filenames. A remote attacker could possibly use this issue to cause PHP to
crash, resulting in a denial of service. (CVE-2019-9021)

It was discovered that PHP incorrectly parsed certain DNS responses. A
remote attacker could possibly use this issue to cause PHP to crash,
resulting in a denial of service. This issue only affected Ubuntu 16.04
LTS. (CVE-2019-9022)

It was discovered that PHP incorrectly handled mbstring regular
expressions. A remote attacker could possibly use this issue to cause PHP
to crash, resulting in a denial of service. (CVE-2019-9023)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
libapache2-mod-php7.0 7.0.33-0ubuntu0.16.04.2
php7.0-cgi 7.0.33-0ubuntu0.16.04.2
php7.0-cli 7.0.33-0ubuntu0.16.04.2
php7.0-fpm 7.0.33-0ubuntu0.16.04.2
php7.0-mbstring 7.0.33-0ubuntu0.16.04.2
php7.0-xmlrpc 7.0.33-0ubuntu0.16.04.2

Ubuntu 14.04 LTS:
libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.27
php5-cgi 5.5.9+dfsg-1ubuntu4.27
php5-cli 5.5.9+dfsg-1ubuntu4.27
php5-fpm 5.5.9+dfsg-1ubuntu4.27
php5-xmlrpc 5.5.9+dfsg-1ubuntu4.27

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3902-1
CVE-2019-9020, CVE-2019-9021, CVE-2019-9022, CVE-2019-9023,
CVE-2019-9024

Package Information:
https://launchpad.net/ubuntu/+source/php7.0/7.0.33-0ubuntu0.16.04.2
https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.27

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlx/7O0ACgkQZWnYVadE
vpM9kQ/+NRB5zcKftjydhYpG7jGi+5eO/4wlUSKh12PhwO2lC2Xwn5HLkmUNDCd+
57SoEAvsmTihQjUkLX/M+iYq/9HImVySDetP8NBlRk+8Bc2I9HddNSXSwO/nqbc7
ouNgToq5UN9LEmPrYt1btcJ2JuQHXVxZGwTEw7xzxMsLNwCW+SaFuct5Z9TFVcc0
k81iuVmoo6nUf9W9lFL7dk6Z7bBa04R4m2nHAuu0q/Zb78+9VdAlKBUkzMC9G9dT
sDH3hV5UDiCJFzJljD/rYA/DTuQhEGvzTdG7lfPOkZs/f7eqOhpwrO0ZV6MN6CAr
u9kSLUzKE+jGUlezTF8MmJGykf1D6iW0Dh6sj1RSqTimhSXvdhF3EPrqJ2RPzQOs
lA+U5ooVhKKE8ypWgDixE6q+hOanmleLCC36DDLMQMFEQoLWKg0zyt1W5QwmzFCw
H9s+s0/9Aj/uHAoOY0afK4pj0n2ngCwiGIbrP2uz3NXvuobqIl9uBkNKAHylGbzk
g7BpYG5g40j0xLTIljK6uVHL9gdOSPbY9OR0kBuwqec+ZStVyZwUqQsdqk5JjO5L
u7SHGFuSQzoJTOaQvGmSPK3wyKMciKAyYmeFIgKwSNkfWkdXOOpTmWmXajT+nzmK
ESsXInaDJ9fXQWYqU+rjTL+oKTbESOMCoPGDiqFvumoRM1ZrkR8=
=IUaL
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostaci programskog paketa ming

Otkriveni su sigurnosni nedostaci u programskom paketu ming za operacijski sustav Fedora. Otkriveni nedostaci potencijalnim napadačima omogućuju izazivanje DoS stanja....

Close