- Detalji os-a: WN7
- Važnost: IMP
- Operativni sustavi: L
- Kategorije: LUB
==========================================================================
Ubuntu Security Notice USN-3902-1
March 06, 2019
php5, php7.0 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in PHP.
Software Description:
– php7.0: HTML-embedded scripting language interpreter
– php5: HTML-embedded scripting language interpreter
Details:
It was discovered that the PHP XML-RPC module incorrectly handled decoding
XML data. A remote attacker could possibly use this issue to cause PHP to
crash, resulting in a denial of service. (CVE-2019-9020, CVE-2019-9024)
It was discovered that the PHP PHAR module incorrectly handled certain
filenames. A remote attacker could possibly use this issue to cause PHP to
crash, resulting in a denial of service. (CVE-2019-9021)
It was discovered that PHP incorrectly parsed certain DNS responses. A
remote attacker could possibly use this issue to cause PHP to crash,
resulting in a denial of service. This issue only affected Ubuntu 16.04
LTS. (CVE-2019-9022)
It was discovered that PHP incorrectly handled mbstring regular
expressions. A remote attacker could possibly use this issue to cause PHP
to crash, resulting in a denial of service. (CVE-2019-9023)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
libapache2-mod-php7.0 7.0.33-0ubuntu0.16.04.2
php7.0-cgi 7.0.33-0ubuntu0.16.04.2
php7.0-cli 7.0.33-0ubuntu0.16.04.2
php7.0-fpm 7.0.33-0ubuntu0.16.04.2
php7.0-mbstring 7.0.33-0ubuntu0.16.04.2
php7.0-xmlrpc 7.0.33-0ubuntu0.16.04.2
Ubuntu 14.04 LTS:
libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.27
php5-cgi 5.5.9+dfsg-1ubuntu4.27
php5-cli 5.5.9+dfsg-1ubuntu4.27
php5-fpm 5.5.9+dfsg-1ubuntu4.27
php5-xmlrpc 5.5.9+dfsg-1ubuntu4.27
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/usn/usn-3902-1
CVE-2019-9020, CVE-2019-9021, CVE-2019-9022, CVE-2019-9023,
CVE-2019-9024
Package Information:
https://launchpad.net/ubuntu/+source/php7.0/7.0.33-0ubuntu0.16.04.2
https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.27
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlx/7O0ACgkQZWnYVadE
vpM9kQ/+NRB5zcKftjydhYpG7jGi+5eO/4wlUSKh12PhwO2lC2Xwn5HLkmUNDCd+
57SoEAvsmTihQjUkLX/M+iYq/9HImVySDetP8NBlRk+8Bc2I9HddNSXSwO/nqbc7
ouNgToq5UN9LEmPrYt1btcJ2JuQHXVxZGwTEw7xzxMsLNwCW+SaFuct5Z9TFVcc0
k81iuVmoo6nUf9W9lFL7dk6Z7bBa04R4m2nHAuu0q/Zb78+9VdAlKBUkzMC9G9dT
sDH3hV5UDiCJFzJljD/rYA/DTuQhEGvzTdG7lfPOkZs/f7eqOhpwrO0ZV6MN6CAr
u9kSLUzKE+jGUlezTF8MmJGykf1D6iW0Dh6sj1RSqTimhSXvdhF3EPrqJ2RPzQOs
lA+U5ooVhKKE8ypWgDixE6q+hOanmleLCC36DDLMQMFEQoLWKg0zyt1W5QwmzFCw
H9s+s0/9Aj/uHAoOY0afK4pj0n2ngCwiGIbrP2uz3NXvuobqIl9uBkNKAHylGbzk
g7BpYG5g40j0xLTIljK6uVHL9gdOSPbY9OR0kBuwqec+ZStVyZwUqQsdqk5JjO5L
u7SHGFuSQzoJTOaQvGmSPK3wyKMciKAyYmeFIgKwSNkfWkdXOOpTmWmXajT+nzmK
ESsXInaDJ9fXQWYqU+rjTL+oKTbESOMCoPGDiqFvumoRM1ZrkR8=
=IUaL
—–END PGP SIGNATURE—–
—
| Autor | Toni Vugdelija |
| Cert id | NCERT-REF-2019-03-0001-ADV |
| Cve | CERT-CVE-DUMMY |
| ID izvornika | CERT-ORIGID-DUMMY |
| Proizvod | CERT-DUMMY-PRODUCT |
| Izvor | Adobe |
