You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa php5

Sigurnosni nedostaci programskog paketa php5

by ncert - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-2126-1
March 03, 2014

php5 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 13.10
– Ubuntu 12.10
– Ubuntu 12.04 LTS
– Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in PHP.

Software Description:
– php5: HTML-embedded scripting language interpreter

Details:

Bernd Melchers discovered that PHP’s embedded libmagic library incorrectly
handled indirect offset values. An attacker could use this issue to cause
PHP to consume resources or crash, resulting in a denial of service.
(CVE-2014-1943)

It was discovered that PHP incorrectly handled certain values when using
the imagecrop function. An attacker could possibly use this issue to cause
PHP to crash, resulting in a denial of service, obtain sensitive
information, or possibly execute arbitrary code. This issue only affected
Ubuntu 13.10. (CVE-2013-7226, CVE-2013-7327, CVE-2013-7328, CVE-2014-2020)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.10:
libapache2-mod-php5 5.5.3+dfsg-1ubuntu2.2
php5-cgi 5.5.3+dfsg-1ubuntu2.2
php5-cli 5.5.3+dfsg-1ubuntu2.2
php5-gd 5.5.3+dfsg-1ubuntu2.2

Ubuntu 12.10:
libapache2-mod-php5 5.4.6-1ubuntu1.7
php5-cgi 5.4.6-1ubuntu1.7
php5-cli 5.4.6-1ubuntu1.7
php5-gd 5.4.6-1ubuntu1.7

Ubuntu 12.04 LTS:
libapache2-mod-php5 5.3.10-1ubuntu3.10
php5-cgi 5.3.10-1ubuntu3.10
php5-cli 5.3.10-1ubuntu3.10
php5-gd 5.3.10-1ubuntu3.10

Ubuntu 10.04 LTS:
libapache2-mod-php5 5.3.2-1ubuntu4.23
php5-cgi 5.3.2-1ubuntu4.23
php5-cli 5.3.2-1ubuntu4.23
php5-gd 5.3.2-1ubuntu4.23

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2126-1
CVE-2013-7226, CVE-2013-7327, CVE-2013-7328, CVE-2014-1943,
CVE-2014-2020

Package Information:
https://launchpad.net/ubuntu/+source/php5/5.5.3+dfsg-1ubuntu2.2
https://launchpad.net/ubuntu/+source/php5/5.4.6-1ubuntu1.7
https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.10
https://launchpad.net/ubuntu/+source/php5/5.3.2-1ubuntu4.23

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird – http://www.enigmail.net/

iQIcBAEBCgAGBQJTFMs+AAoJEGVp2FWnRL6Th5EP/iSAAJAYnWiZtyFKZfUVKSIO
qfV9vy7KTCIeCISHzUjJ7qYOwclYxCIryoXpEUTueoADHL+a7zwvfDkr8WhgxMBu
veviGkDkS4r1+Wyimla45OYaN/VrHzvtrHmJmZyCZ9XX9PCGXe49WMbFvJp+f8zJ
JdzHdLsIRQQzt9WLPTBba+A9oq6pb3kWcW2kqL1rqvSa8v2GXmjCzc46G6WkOeb9
VAMnSLIsSYxjAE7fDIqoIXG6lnxncrNaI2TR2yuBHVuD0OGBgjMJKdfkzRn2eFBS
vPV1OFuyT/QOdWXOKfW2IXSlXPFV/iZ62vD3VUS/2KgH+wsYxoF4ruPEJaoBao1U
Lx9cwe7lOlpMyBpxjPTSzAHwRYYWj6usoqUN8DjWXCI+lQkU1KZCt37KbBq5QV/8
GMqkk48Dwsp0EDEcbcB8g9AGzkX0nfw7M2XCcjjfjtfJQ5d/3q6qsehz6ZiYYBoz
MClnsfKDWKBW6+7+9KdRXIC5dZMothMT603cT/BVFg43S3mvN0YWI5vdkpbW/KbB
GzFmPHAlLnYFNXkuTWIUaAIzq2I3J6zhHAG394BM0LKLqqPKWbVX9nLvL6QWo+9b
I2NS0jtk9plDbaYgDLqI5udBO4NI8y4cSlxCWLANH3zfePUN2Xt5unj9XisE+xQb
soV3QKMXJwYVPJDf6bZf
=EOkR
—–END PGP SIGNATURE—–

AutorMarijo Plepelic
Cert idNCERT-REF-2014-03-0005-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
Izvorhttp://www.adobe.com/
ncert
Top
More in Preporuke
Ranjivost programskog paketa php5

Ustanovljena je ranjivost u načinu kojim je alat za klasificiranje vrste datoteke, file, upravljao indirektnim "magic" pravilima unutar biblioteke libmagic,...

Close