==========================================================================
Ubuntu Security Notice USN-2126-1
March 03, 2014
php5 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 13.10
– Ubuntu 12.10
– Ubuntu 12.04 LTS
– Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in PHP.
Software Description:
– php5: HTML-embedded scripting language interpreter
Details:
Bernd Melchers discovered that PHP’s embedded libmagic library incorrectly
handled indirect offset values. An attacker could use this issue to cause
PHP to consume resources or crash, resulting in a denial of service.
(CVE-2014-1943)
It was discovered that PHP incorrectly handled certain values when using
the imagecrop function. An attacker could possibly use this issue to cause
PHP to crash, resulting in a denial of service, obtain sensitive
information, or possibly execute arbitrary code. This issue only affected
Ubuntu 13.10. (CVE-2013-7226, CVE-2013-7327, CVE-2013-7328, CVE-2014-2020)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 13.10:
libapache2-mod-php5 5.5.3+dfsg-1ubuntu2.2
php5-cgi 5.5.3+dfsg-1ubuntu2.2
php5-cli 5.5.3+dfsg-1ubuntu2.2
php5-gd 5.5.3+dfsg-1ubuntu2.2
Ubuntu 12.10:
libapache2-mod-php5 5.4.6-1ubuntu1.7
php5-cgi 5.4.6-1ubuntu1.7
php5-cli 5.4.6-1ubuntu1.7
php5-gd 5.4.6-1ubuntu1.7
Ubuntu 12.04 LTS:
libapache2-mod-php5 5.3.10-1ubuntu3.10
php5-cgi 5.3.10-1ubuntu3.10
php5-cli 5.3.10-1ubuntu3.10
php5-gd 5.3.10-1ubuntu3.10
Ubuntu 10.04 LTS:
libapache2-mod-php5 5.3.2-1ubuntu4.23
php5-cgi 5.3.2-1ubuntu4.23
php5-cli 5.3.2-1ubuntu4.23
php5-gd 5.3.2-1ubuntu4.23
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2126-1
CVE-2013-7226, CVE-2013-7327, CVE-2013-7328, CVE-2014-1943,
CVE-2014-2020
Package Information:
https://launchpad.net/ubuntu/+source/php5/5.5.3+dfsg-1ubuntu2.2
https://launchpad.net/ubuntu/+source/php5/5.4.6-1ubuntu1.7
https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.10
https://launchpad.net/ubuntu/+source/php5/5.3.2-1ubuntu4.23
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird – http://www.enigmail.net/
iQIcBAEBCgAGBQJTFMs+AAoJEGVp2FWnRL6Th5EP/iSAAJAYnWiZtyFKZfUVKSIO
qfV9vy7KTCIeCISHzUjJ7qYOwclYxCIryoXpEUTueoADHL+a7zwvfDkr8WhgxMBu
veviGkDkS4r1+Wyimla45OYaN/VrHzvtrHmJmZyCZ9XX9PCGXe49WMbFvJp+f8zJ
JdzHdLsIRQQzt9WLPTBba+A9oq6pb3kWcW2kqL1rqvSa8v2GXmjCzc46G6WkOeb9
VAMnSLIsSYxjAE7fDIqoIXG6lnxncrNaI2TR2yuBHVuD0OGBgjMJKdfkzRn2eFBS
vPV1OFuyT/QOdWXOKfW2IXSlXPFV/iZ62vD3VUS/2KgH+wsYxoF4ruPEJaoBao1U
Lx9cwe7lOlpMyBpxjPTSzAHwRYYWj6usoqUN8DjWXCI+lQkU1KZCt37KbBq5QV/8
GMqkk48Dwsp0EDEcbcB8g9AGzkX0nfw7M2XCcjjfjtfJQ5d/3q6qsehz6ZiYYBoz
MClnsfKDWKBW6+7+9KdRXIC5dZMothMT603cT/BVFg43S3mvN0YWI5vdkpbW/KbB
GzFmPHAlLnYFNXkuTWIUaAIzq2I3J6zhHAG394BM0LKLqqPKWbVX9nLvL6QWo+9b
I2NS0jtk9plDbaYgDLqI5udBO4NI8y4cSlxCWLANH3zfePUN2Xt5unj9XisE+xQb
soV3QKMXJwYVPJDf6bZf
=EOkR
—–END PGP SIGNATURE—–
—