
Security vulnerabilities in the php5 software package

==========================================================================
Ubuntu Security Notice USN-3902-2
March 12, 2019

php5 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in PHP.

Software Description:
- php5: HTML-embedded scripting language interpreter

Details:

USN-3902-1 fixed a vulnerability in PHP. This update provides
the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

 It was discovered that the PHP XML-RPC module incorrectly handled
 decoding XML data. A remote attacker could possibly use this issue to
 cause PHP to crash, resulting in a denial of service. (CVE-2019-9020,
 CVE-2019-9024)

 It was discovered that the PHP PHAR module incorrectly handled certain
 filenames. A remote attacker could possibly use this issue to cause
 PHP to crash, resulting in a denial of service. (CVE-2019-9021)

 It was discovered that PHP incorrectly handled mbstring regular
 expressions. A remote attacker could possibly use this issue to cause
 PHP to crash, resulting in a denial of service. (CVE-2019-9023)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
  libapache2-mod-php5             5.3.10-1ubuntu3.33
  php5-cgi                        5.3.10-1ubuntu3.33
  php5-cli                        5.3.10-1ubuntu3.33
  php5-fpm                        5.3.10-1ubuntu3.33
  php5-xmlrpc                     5.3.10-1ubuntu3.33

In general, a standard system update will make all the necessary
changes.

References:
  https://usn.ubuntu.com/usn/usn-3902-2
  https://usn.ubuntu.com/usn/usn-3902-1
  CVE-2019-9020, CVE-2019-9021, CVE-2019-9023, CVE-2019-9024
