You are here
Home > Preporuke > Sigurnosni nedostaci programskih paketa php7.0 i php7.2

Sigurnosni nedostaci programskih paketa php7.0 i php7.2

by - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-4009-1
June 05, 2019

php7.0, php7.2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 19.04
– Ubuntu 18.10
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in PHP.

Software Description:
– php7.2: HTML-embedded scripting language interpreter
– php7.0: HTML-embedded scripting language interpreter

Details:

It was discovered that PHP incorrectly handled certain exif tags in images.
A remote attacker could use this issue to cause PHP to crash, resulting in
a denial of service, or possibly obtain sensitive information.
(CVE-2019-11036)

It was discovered that PHP incorrectly decoding certain MIME headers. A
remote attacker could possibly use this issue to cause PHP to crash,
resulting in a denial of service. (CVE-2019-11039)

It was discovered that PHP incorrectly handled certain exif tags in images.
A remote attacker could use this issue to cause PHP to crash, resulting in
a denial of service, or possibly execute arbitrary code. (CVE-2019-11040)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
libapache2-mod-php7.2 7.2.19-0ubuntu0.19.04.1
php7.2-cgi 7.2.19-0ubuntu0.19.04.1
php7.2-cli 7.2.19-0ubuntu0.19.04.1
php7.2-fpm 7.2.19-0ubuntu0.19.04.1

Ubuntu 18.10:
libapache2-mod-php7.2 7.2.19-0ubuntu0.18.10.1
php7.2-cgi 7.2.19-0ubuntu0.18.10.1
php7.2-cli 7.2.19-0ubuntu0.18.10.1
php7.2-fpm 7.2.19-0ubuntu0.18.10.1

Ubuntu 18.04 LTS:
libapache2-mod-php7.2 7.2.19-0ubuntu0.18.04.1
php7.2-cgi 7.2.19-0ubuntu0.18.04.1
php7.2-cli 7.2.19-0ubuntu0.18.04.1
php7.2-fpm 7.2.19-0ubuntu0.18.04.1

Ubuntu 16.04 LTS:
libapache2-mod-php7.0 7.0.33-0ubuntu0.16.04.5
php7.0-cgi 7.0.33-0ubuntu0.16.04.5
php7.0-cli 7.0.33-0ubuntu0.16.04.5
php7.0-fpm 7.0.33-0ubuntu0.16.04.5

In Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04, this update uses a new
upstream release, which includes additional bug fixes.

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4009-1
CVE-2019-11036, CVE-2019-11039, CVE-2019-11040

Package Information:
https://launchpad.net/ubuntu/+source/php7.2/7.2.19-0ubuntu0.19.04.1
https://launchpad.net/ubuntu/+source/php7.2/7.2.19-0ubuntu0.18.10.1
https://launchpad.net/ubuntu/+source/php7.2/7.2.19-0ubuntu0.18.04.1
https://launchpad.net/ubuntu/+source/php7.0/7.0.33-0ubuntu0.16.04.5

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlz37jAACgkQZWnYVadE
vpNzDw/8D7LXfQX811yXTEylq6+PqPI3AWbb6i81OTC799mwDzfNppFEZYK16CiY
ZsgrcikkJ6ejO/LHZROP4yitpoqxYbk7EuK98ipifAUQ6R0xs7mX3Fn4MubiIznb
3sG33QIppl/Wt9dHArEzHE0GJOUm1QT0CXaPKci087ZVXsHuoSa27n711JbZQK0l
EuiRtY83ypGNzN/G/aHtu6xz/hRtIyzPEnieGBpwrWaezbwl8SxO3j5O/oiODZWP
xjCd+dkzJkXOYfL6LwazxEHuL7lWExrGmhu1InuV5zNRfShParbO7d5XCQIxBfKk
6NKaPR1x3V6XOka1yPWZryQvHvIElQf4NRkEpFG4el2N4sbSlkjzwji9y7w3kORE
lQ5R3kqkPRlSB61u6XP9EpmphM0rjOba9kRKqscnzU5cpIIe+6zKFQycoJsmg52D
ZiwlE/Dho9zF9ytTKw/9NsWFBo1iu/a32xN6osi6jEMUK/lpxBPIIzmil9vLm3XN
RvAg7l+Xa69MdKNGoBJGweptbDdKAQnu8pIl0aaDN1t+bODWr9Cc82QAqS0fa/6w
EaHQ1zVY78XjNHCh91OD/ZSQ5k9psK/t0B3xBp5+c6CvJgrj7rQXL+hNGzHyAmT9
pU8M7zJaqmiSOdb9PkG/QRUaz6bKaFVkMFH0iCGVzbOtiIlH2Z0=
=Z6lE
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-4009-2
June 05, 2019

php5 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 ESM
– Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in PHP.

Software Description:
– php5: HTML-embedded scripting language interpreter

Details:

USN-4009-1 fixed several vulnerabilities in PHP. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

 It was discovered that PHP incorrectly decoding certain MIME headers.
 A remote attacker could possibly use this issue to cause PHP to crash,
 resulting in a denial of service. (CVE-2019-11039)

 It was discovered that PHP incorrectly handled certain exif tags in
 images. A remote attacker could use this issue to cause PHP to crash,
 resulting in a denial of service, or possibly execute arbitrary code.
 (CVE-2019-11040)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
  libapache2-mod-php5             5.5.9+dfsg-1ubuntu4.29+esm3
  php5-cgi                        5.5.9+dfsg-1ubuntu4.29+esm3
  php5-cli                        5.5.9+dfsg-1ubuntu4.29+esm3
  php5-fpm                        5.5.9+dfsg-1ubuntu4.29+esm3

Ubuntu 12.04 ESM:
  libapache2-mod-php5             5.3.10-1ubuntu3.37
  php5-cgi                        5.3.10-1ubuntu3.37
  php5-cli                        5.3.10-1ubuntu3.37
  php5-fpm                        5.3.10-1ubuntu3.37

In general, a standard system update will make all the necessary
changes.

References:
  https://usn.ubuntu.com/4009-2
  https://usn.ubuntu.com/4009-1
  CVE-2019-11039, CVE-2019-11040—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAABCAAGBQJc9/9kAAoJEEW851uECx9p9NoP/ickoC13DsC/zssqutqO84vV
kO/KSwr60DvOETacfNBn/KJVTohrVUoQUgG2hnoFbD85Xxt+/7lKiZ94PWozLBj1
zvWjT+e7Bp6Ga+m3+u3L429jBmVIRAz+NnNWXuZBueb23nRLOCvyax1ZWUtcVmwx
eg/7Saw99g/9eMRu5Rbmi57ipifVLYw8fvw6+aOsLut7nDZ20JXKSalGOLZQNRw0
JtO3o67h7KVUz5mtmq7YprwWLBX5McObkwIeCNfJdmbj5TTQoGx8JKyyyWxfqVHr
xl1f/Fj4/sUFAxPaAnXiHp/MqCfvg0sCwEaGe8Sv9JMNJc5WmpJsfvQPURUcU/dv
/T8vPKBVWR4bpTh4x0FDKlToZKN1aUNg+r6+oaYB9IgiIEopsZWVQKSdOd/9oS5e
/K/+rKUbX1JAaTLRS/xhzJQ67WIUj5XzOu5N9m3HJuf9FrSHxeLnCAKUUXhVvyRh
47MLvBnjq9ruNZm0eXPN1t9bv69ItrBLn9nHxMVOUIEjfGr/seMp5oXxqbmkHH1y
GWb9xxzsAsVLuMpK9XL76dC28wNlSM0CeEKCdPVXRYe61FGwkBI8od5mgEJjdRlE
zooO53CApVzMBUv97ZNnmVmDiHkfM4B08pJOB470rFfb6Ou0aKiuxy5o+aHWYhTQ
ra0Mrk93+lbJ9S0nqNp+
=05uE
—–END PGP SIGNATURE—–

AutorJosip Papratovic
Cert idNCERT-REF-2019-06-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostatak programskog paketa exim4

Otkriven je sigurnosni nedostatak u programskom paketu exim4 za operacijski sustav Ubuntu. Otkriveni nedostatak potencijalnim napadačima omogućuje izvršavanje proizvoljnog programskog...

Close