Ubuntu update for PHP
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 7 |
| CVE-ID | CVE-2014-8142 CVE-2015-0231 CVE-2014-9427 CVE-2014-9652 CVE-2015-0232 CVE-2015-1351 CVE-2015-1352 |
| CWE-ID | CWE-416 CWE-125 CWE-20 CWE-476 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. |
| Vulnerable software Subscribe |
php5 (Ubuntu package) Operating systems & Components / Operating system package or component |
| Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
1) Use-after-free
EUVDB-ID: #VU16100
Risk: High
CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2014-8142
CWE-ID:
CWE-416 - Use After Free
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4. A remote attacker can trigger memory corruption via a crafted unserialize call that leverages improper handling of duplicate keys within the serialized properties of an object and execute arbitrary code. Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
Mitigation- Ubuntu 14.10:
- php5-cli 5.5.12+dfsg-2ubuntu4.2
- php5-cgi 5.5.12+dfsg-2ubuntu4.2
- libapache2-mod-php5 5.5.12+dfsg-2ubuntu4.2
- php5-fpm 5.5.12+dfsg-2ubuntu4.2
- php5-pgsql 5.5.12+dfsg-2ubuntu4.2
- Ubuntu 14.04 LTS:
- php5-cli 5.5.9+dfsg-1ubuntu4.6
- php5-cgi 5.5.9+dfsg-1ubuntu4.6
- libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.6
- php5-fpm 5.5.9+dfsg-1ubuntu4.6
- php5-pgsql 5.5.9+dfsg-1ubuntu4.6
- Ubuntu 12.04 LTS:
- php5-cli 5.3.10-1ubuntu3.16
- php5-cgi 5.3.10-1ubuntu3.16
- libapache2-mod-php5 5.3.10-1ubuntu3.16
- php5-fpm 5.3.10-1ubuntu3.16
- php5-pgsql 5.3.10-1ubuntu3.16
php5 (Ubuntu package): 5.3.10-1ubuntu3.1 - 5.3.10-1ubuntu3.15
External linkshttp://www.ubuntu.com/usn/usn-2501-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Use-after-free
EUVDB-ID: #VU16101
Risk: High
CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2015-0231
CWE-ID:
CWE-416 - Use After Free
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to гse-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5. A remote attacker can trigger memory corruption via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an objecе. Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
Mitigation- Ubuntu 14.10:
- php5-cli 5.5.12+dfsg-2ubuntu4.2
- php5-cgi 5.5.12+dfsg-2ubuntu4.2
- libapache2-mod-php5 5.5.12+dfsg-2ubuntu4.2
- php5-fpm 5.5.12+dfsg-2ubuntu4.2
- php5-pgsql 5.5.12+dfsg-2ubuntu4.2
- Ubuntu 14.04 LTS:
- php5-cli 5.5.9+dfsg-1ubuntu4.6
- php5-cgi 5.5.9+dfsg-1ubuntu4.6
- libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.6
- php5-fpm 5.5.9+dfsg-1ubuntu4.6
- php5-pgsql 5.5.9+dfsg-1ubuntu4.6
- Ubuntu 12.04 LTS:
- php5-cli 5.3.10-1ubuntu3.16
- php5-cgi 5.3.10-1ubuntu3.16
- libapache2-mod-php5 5.3.10-1ubuntu3.16
- php5-fpm 5.3.10-1ubuntu3.16
- php5-pgsql 5.3.10-1ubuntu3.16
php5 (Ubuntu package): 5.3.10-1ubuntu3.1 - 5.3.10-1ubuntu3.15
External linkshttp://www.ubuntu.com/usn/usn-2501-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
3) Out-of-bounds read
EUVDB-ID: #VU16102
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2014-9427
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to out-of-bounds read when sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a # character and lacks a newline character. A remote attacker can obtain sensitive information from php-cgi process memory by leveraging the ability to upload a .php file or (2) trigger unexpected code execution if a valid PHP script is present in memory locations adjacent to the mapping.
Mitigation- Ubuntu 14.10:
- php5-cli 5.5.12+dfsg-2ubuntu4.2
- php5-cgi 5.5.12+dfsg-2ubuntu4.2
- libapache2-mod-php5 5.5.12+dfsg-2ubuntu4.2
- php5-fpm 5.5.12+dfsg-2ubuntu4.2
- php5-pgsql 5.5.12+dfsg-2ubuntu4.2
- Ubuntu 14.04 LTS:
- php5-cli 5.5.9+dfsg-1ubuntu4.6
- php5-cgi 5.5.9+dfsg-1ubuntu4.6
- libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.6
- php5-fpm 5.5.9+dfsg-1ubuntu4.6
- php5-pgsql 5.5.9+dfsg-1ubuntu4.6
- Ubuntu 12.04 LTS:
- php5-cli 5.3.10-1ubuntu3.16
- php5-cgi 5.3.10-1ubuntu3.16
- libapache2-mod-php5 5.3.10-1ubuntu3.16
- php5-fpm 5.3.10-1ubuntu3.16
- php5-pgsql 5.3.10-1ubuntu3.16
php5 (Ubuntu package): 5.3.10-1ubuntu3.1 - 5.3.10-1ubuntu3.15
External linkshttp://www.ubuntu.com/usn/usn-2501-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Out-of-bounds read
EUVDB-ID: #VU16103
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2014-9652
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition.
The vulnerability exists due to the mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string. A remote attacker can cause out-of-bounds memory access and application crash via a crafted file.
Mitigation- Ubuntu 14.10:
- php5-cli 5.5.12+dfsg-2ubuntu4.2
- php5-cgi 5.5.12+dfsg-2ubuntu4.2
- libapache2-mod-php5 5.5.12+dfsg-2ubuntu4.2
- php5-fpm 5.5.12+dfsg-2ubuntu4.2
- php5-pgsql 5.5.12+dfsg-2ubuntu4.2
- Ubuntu 14.04 LTS:
- php5-cli 5.5.9+dfsg-1ubuntu4.6
- php5-cgi 5.5.9+dfsg-1ubuntu4.6
- libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.6
- php5-fpm 5.5.9+dfsg-1ubuntu4.6
- php5-pgsql 5.5.9+dfsg-1ubuntu4.6
- Ubuntu 12.04 LTS:
- php5-cli 5.3.10-1ubuntu3.16
- php5-cgi 5.3.10-1ubuntu3.16
- libapache2-mod-php5 5.3.10-1ubuntu3.16
- php5-fpm 5.3.10-1ubuntu3.16
- php5-pgsql 5.3.10-1ubuntu3.16
php5 (Ubuntu package): 5.3.10-1ubuntu3.1 - 5.3.10-1ubuntu3.15
External linkshttp://www.ubuntu.com/usn/usn-2501-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper input validation
EUVDB-ID: #VU16104
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-0232
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.
The weakness exists due to an error in the exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5. A remote attacker can trigger uninitialized pointer free via crafted EXIF data in a JPEG image and cause the service to crash or execute arbitrary code.
- Ubuntu 14.10:
- php5-cli 5.5.12+dfsg-2ubuntu4.2
- php5-cgi 5.5.12+dfsg-2ubuntu4.2
- libapache2-mod-php5 5.5.12+dfsg-2ubuntu4.2
- php5-fpm 5.5.12+dfsg-2ubuntu4.2
- php5-pgsql 5.5.12+dfsg-2ubuntu4.2
- Ubuntu 14.04 LTS:
- php5-cli 5.5.9+dfsg-1ubuntu4.6
- php5-cgi 5.5.9+dfsg-1ubuntu4.6
- libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.6
- php5-fpm 5.5.9+dfsg-1ubuntu4.6
- php5-pgsql 5.5.9+dfsg-1ubuntu4.6
- Ubuntu 12.04 LTS:
- php5-cli 5.3.10-1ubuntu3.16
- php5-cgi 5.3.10-1ubuntu3.16
- libapache2-mod-php5 5.3.10-1ubuntu3.16
- php5-fpm 5.3.10-1ubuntu3.16
- php5-pgsql 5.3.10-1ubuntu3.16
php5 (Ubuntu package): 5.3.10-1ubuntu3.1 - 5.3.10-1ubuntu3.15
External linkshttp://www.ubuntu.com/usn/usn-2501-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Use-after-free error
EUVDB-ID: #VU3380
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-1351
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition.
The weakness exists due to use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7. A remote attacker can trigger memory corruption and cause the service to crash.
- Ubuntu 14.10:
- php5-cli 5.5.12+dfsg-2ubuntu4.2
- php5-cgi 5.5.12+dfsg-2ubuntu4.2
- libapache2-mod-php5 5.5.12+dfsg-2ubuntu4.2
- php5-fpm 5.5.12+dfsg-2ubuntu4.2
- php5-pgsql 5.5.12+dfsg-2ubuntu4.2
- Ubuntu 14.04 LTS:
- php5-cli 5.5.9+dfsg-1ubuntu4.6
- php5-cgi 5.5.9+dfsg-1ubuntu4.6
- libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.6
- php5-fpm 5.5.9+dfsg-1ubuntu4.6
- php5-pgsql 5.5.9+dfsg-1ubuntu4.6
- Ubuntu 12.04 LTS:
- php5-cli 5.3.10-1ubuntu3.16
- php5-cgi 5.3.10-1ubuntu3.16
- libapache2-mod-php5 5.3.10-1ubuntu3.16
- php5-fpm 5.3.10-1ubuntu3.16
- php5-pgsql 5.3.10-1ubuntu3.16
php5 (Ubuntu package): 5.3.10-1ubuntu3.1 - 5.3.10-1ubuntu3.15
External linkshttp://www.ubuntu.com/usn/usn-2501-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) NULL pointer dereference
EUVDB-ID: #VU16105
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-1352
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dreference error in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a specially crafted name. A remote attacker can perform a denial of service (DoS) attack.
Mitigation- Ubuntu 14.10:
- php5-cli 5.5.12+dfsg-2ubuntu4.2
- php5-cgi 5.5.12+dfsg-2ubuntu4.2
- libapache2-mod-php5 5.5.12+dfsg-2ubuntu4.2
- php5-fpm 5.5.12+dfsg-2ubuntu4.2
- php5-pgsql 5.5.12+dfsg-2ubuntu4.2
- Ubuntu 14.04 LTS:
- php5-cli 5.5.9+dfsg-1ubuntu4.6
- php5-cgi 5.5.9+dfsg-1ubuntu4.6
- libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.6
- php5-fpm 5.5.9+dfsg-1ubuntu4.6
- php5-pgsql 5.5.9+dfsg-1ubuntu4.6
- Ubuntu 12.04 LTS:
- php5-cli 5.3.10-1ubuntu3.16
- php5-cgi 5.3.10-1ubuntu3.16
- libapache2-mod-php5 5.3.10-1ubuntu3.16
- php5-fpm 5.3.10-1ubuntu3.16
- php5-pgsql 5.3.10-1ubuntu3.16
php5 (Ubuntu package): 5.3.10-1ubuntu3.1 - 5.3.10-1ubuntu3.15
External linkshttp://www.ubuntu.com/usn/usn-2501-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
