You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa php5

Sigurnosni nedostaci programskog paketa php5

==========================================================================
Ubuntu Security Notice USN-3953-2
May 01, 2019

php5 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 ESM
– Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in PHP.

Software Description:
– php5: HTML-embedded scripting language interpreter

Details:

USN-3953-1 fixed several vulnerabilities in PHP. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

 It was discovered that PHP incorrectly handled certain exif tags in
 JPEG images. A remote attacker could use this issue to cause PHP to
 crash, resulting in a denial of service, or possibly execute arbitrary
 code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
  libapache2-mod-php5             5.5.9+dfsg-1ubuntu4.29+esm1
  php5-cgi                        5.5.9+dfsg-1ubuntu4.29+esm1
  php5-cli                        5.5.9+dfsg-1ubuntu4.29+esm1
  php5-fpm                        5.5.9+dfsg-1ubuntu4.29+esm1

Ubuntu 12.04 ESM:
  libapache2-mod-php5             5.3.10-1ubuntu3.35
  php5-cgi                        5.3.10-1ubuntu3.35
  php5-cli                        5.3.10-1ubuntu3.35
  php5-fpm                        5.3.10-1ubuntu3.35

In general, a standard system update will make all the necessary
changes.

References:
  https://usn.ubuntu.com/usn/usn-3953-2
  https://usn.ubuntu.com/usn/usn-3953-1
  CVE-2019-11034, CVE-2019-11035—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAABCAAGBQJcye0nAAoJEEW851uECx9pIc8P/0K5Fy2n2FgMnou2qVWQATOQ
XZYoh4A7ZPMCB5HC1+PwfKGXRsp7Js6G+VSIJLXiME7ybqaD/b9HPtOtyYwkpJQr
UJ7dcMpcp7rYISs4vU3iuHsVONff7EEW6KadjgWdAIPACiZPgZEOxHz7hZaLMaGK
BUVNFcGZ9DemCHa2/bRvetW0JfVKxlNwtWUU5PDIWGytXRuMHldX5Ba5j9M1wi0d
c92/Zh30IGnLxQPrjGVKC84czrCddE0svkqCsFSyQ+24FQH3/Y9hk13X5ZDAD8q6
/AmtwSvovzruTLL1fTL7KoFzziIO9gSvavZRSbysRuPOxk7YC2BylenfB92DLxZw
JC3wDPstJhXaeHwIj6OGvQw+czFMZn8829TFpkYVNfPPOFizIN7nqYLtvYRekUt9
zf6SNWGSLjCOkQa5iEJ7tGvk+9Wq/sdekLktT2mPOVCmaAkvLgFVMlGVgtle08Vi
L6RzwQAT0gGNZXV48f9kVVCQcioj2opf8xkN7ltFL/gDgGvIzg/apBs+FIPbNreP
J1xKUNxjS+Bj97vOaCkb2UOPjrz3XJC7+7aBPkuuazOyh+pCT7NDEQ8WwcDKfIPb
FhcR3CWOc1behaUAF6valcGfdqciQ982vteirjq3o4KbP6jre/VX6gOH+RNZX6K6
lq2TSmIS0DMPTahVDQgJ
=vJXL
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostatak programskog paketa Memcached

Otkriven je sigurnosni nedostatak u programskom paketu Memcached za operacijski sustav Ubuntu. Otkriveni nedostatak potencijalnim napadačima omogućuje izazivanje DoS stanja....

Close