You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa php5

Sigurnosni nedostaci programskog paketa php5

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-3766-2
September 19, 2018

php5 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in PHP.

Software Description:
– php5: HTML-embedded scripting language interpreter

Details:

USN-3766-1 fixed a vulnerability in PHP. This update provides
the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

 It was discovered that PHP incorrectly handled certain exif tags in
 JPEG images. A remote attacker could possibly use this issue to cause
 PHP to crash, resulting in a denial of service. 
 (CVE-2018-14851, CVE-2018-14883)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
  libapache2-mod-php5             5.3.10-1ubuntu3.32
  php5-cgi                        5.3.10-1ubuntu3.32
  php5-cli                        5.3.10-1ubuntu3.32
  php5-fpm                        5.3.10-1ubuntu3.32

In general, a standard system update will make all the necessary
changes.

References:
  https://usn.ubuntu.com/usn/usn-3766-2
  https://usn.ubuntu.com/usn/usn-3766-1
  CVE-2018-14851, CVE-2018-14883—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAABCAAGBQJboiS9AAoJEEW851uECx9pBDgQAJQVXsaYI335fWpwsJgsSCI+
CM8urBCFSLmuVqIYPkvxEpq47S3gQx2/ptB0Vb5NUUGePb+cogqukfCRWiDJIms7
L5nnndMR2vP095ISQFnq92kjxCz65wNJSVj37bRls7N4eJQj56/xl3h9PAwEc9tD
+1fxChlPWiw9sj5+ze4ha5jlWR2LjxrpvpWbx58d3BNJk6y4hOVDkpDgurRmhl5h
GWRsSgzvP5tp6QjZ5Ffcikxv/uR92SEs2dT9RBgi8sGKifFsAo4jsAD0EBeV1qXF
EKvtVFkNqJxCG0ZVfx5473iiKTpo6KNEP5ujrAICfjxx4fpWslY8i25lYo+Buhft
9+i8zhDgKvGiQgylIi9m9mO8Q1uZkgy3b4pZ3TywM1LCF+YnqUNJf41RRwS0NCBk
RlW3PywbbHC/pCixmssXP2v3l0iTCMu8lsCCedGP9gs4uBoEncjPoDJkB213XqS6
/kjG+ILBiKWapXUll1C8EBLKGgZwNRIRISVaclnRmQXNfBhYce2ggEH/odnbt+89
b18fiw3sn+qoVZ5eR8U4erresmKftZnCKXTglDVpeRqqLJfnxDsOTlBTJ9aWQWBN
tCdqKTGuAtfYYknOccTUFbRXgSCko2dux419JcLTsa7xCIH9YPD8J5T9g5jBUWKA
L/LjqYEVplLXizxNosYw
=suJM
—–END PGP SIGNATURE—–

AutorZvonimir Bosnjak
Cert idNCERT-REF-2018-09-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostaci programske biblioteke glib2.0

Otkriveni su sigurnosni nedostaci programske biblioteke glib2.0 za operacijski sustav Ubuntu. Otkriveni nedostaci potencijalnim napadačima omogućuju izazivanje DoS stanja, izvršavanje...

Close