Ubuntu Security Notice USN-2344-1

Ubuntu Security Notice USN-2344-1: Posted Sep 11, 2014; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 2344-1 - It was discovered that the Fileinfo component in php5 contains an integer overflow. An attacker could use this flaw to cause a denial of service or possibly execute arbitrary code via a crafted CDF file. It was discovered that the php_parserr function contains multiple buffer overflows. An attacker could use this flaw to cause a denial of service or possibly execute arbitrary code via crafted DNS records.; tags | advisory, denial of service, overflow, arbitrary; systems | linux, ubuntu; advisories | CVE-2014-3587, CVE-2014-3597; SHA-256 | 03372400c70b371cdf5ed00c4c33da42ee3f6e763d7c09635eb62ec8542b43bc; Download | Favorite | View

Ubuntu Security Notice USN-2344-1

Content-Disposition: inline

==========================================================================Ubuntu Security Notice USN-2344-1
September 10, 2014

php5 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS

Summary:

php5 could be made to crash or run programs if it received
specially crafted network traffic.

Software Description:
- php5: HTML-embedded scripting language interpreter

Details:

It was discovered that the Fileinfo component in php5 contains an integer
overflow. An attacker could use this flaw to cause a denial of service
or possibly execute arbitrary code via a crafted CDF file. (CVE-2014-3587)

It was discovered that the php_parserr function contains multiple buffer
overflows. An attacker could use this flaw to cause a denial of service
or possibly execute arbitrary code via crafted DNS records. (CVE-2014-3597)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
  libapache2-mod-php5             5.5.9+dfsg-1ubuntu4.4
  php5                            5.5.9+dfsg-1ubuntu4.4
  php5-cgi                        5.5.9+dfsg-1ubuntu4.4
  php5-fpm                        5.5.9+dfsg-1ubuntu4.4

Ubuntu 12.04 LTS:
  libapache2-mod-php5             5.3.10-1ubuntu3.14
  php5                            5.3.10-1ubuntu3.14
  php5-cgi                        5.3.10-1ubuntu3.14
  php5-fpm                        5.3.10-1ubuntu3.14

Ubuntu 10.04 LTS:
  libapache2-mod-php5             5.3.2-1ubuntu4.27
  php5                            5.3.2-1ubuntu4.27
  php5-cgi                        5.3.2-1ubuntu4.27

After a standard system update you need to restart Apache or
php5-fpm to make all the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-2344-1
  CVE-2014-3587, CVE-2014-3597

Package Information:
  https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.4
  https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.14
  https://launchpad.net/ubuntu/+source/php5/5.3.2-1ubuntu4.27

Top Authors In Last 30 Days

Red Hat 323 files
Ubuntu 71 files
Debian 21 files
LiquidWorm 12 files
Gentoo 8 files
Apple 6 files
Google Security Research 4 files
Spencer McIntyre 3 files
Jann Horn 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,172)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,112)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,459)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,018)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

Ubuntu Security Notice USN-2344-1

Ubuntu Security Notice USN-2344-1

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Ubuntu Security Notice USN-2344-1

Share This

Ubuntu Security Notice USN-2344-1

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems