Ubuntu update for PHP



Published: 2015-03-03 | Updated: 2018-11-27
Risk Medium
Patch available YES
Number of vulnerabilities 5
CVE-ID CVE-2014-1943
CVE-2013-7226
CVE-2013-7327
CVE-2013-7328
CVE-2014-2020
CWE-ID CWE-400
CWE-122
CWE-476
CWE-190
CWE-200
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		php5 (Ubuntu package)
Operating systems & Components / Operating system package or component

Vendor Canonical Ltd.

Security Bulletin

This security bulletin contains information about 5 vulnerabilities.

1) Resource exhaustion

EUVDB-ID: #VU16078

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2014-1943

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite recursion when insufficient validation of user-supplied input. A local attacker can trigger CPU consumption and cause the service to crash.

Mitigation

Update the affected packages.



Vulnerable software versions

php5 (Ubuntu package): 5.3.2-1ubuntu4.1 - 5.3.10-1ubuntu3.9

External links

http://www.ubuntu.com/usn/usn-2126-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Heap-based buffer overflow

EUVDB-ID: #VU16066

Risk: Medium

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2013-7226

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9. A remote attacker can use an imagecrop function call with a large x dimension value to trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected packages.



Vulnerable software versions

php5 (Ubuntu package): 5.3.2-1ubuntu4.1 - 5.3.10-1ubuntu3.9

External links

http://www.ubuntu.com/usn/usn-2126-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) NULL pointer dereference

EUVDB-ID: #VU16079

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2013-7327

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error when the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check return value. A remote attacker can trigger NULL pointer dereference via invalid imagecrop arguments and cause the service to crash.

Mitigation

Update the affected packages.



Vulnerable software versions

php5 (Ubuntu package): 5.3.2-1ubuntu4.1 - 5.3.10-1ubuntu3.9

External links

http://www.ubuntu.com/usn/usn-2126-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Integer overflow

EUVDB-ID: #VU16080

Risk: Low

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2013-7328

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to multiple integer signedness errors in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9. A remote attacker can cause application crash or obtain sensitive information via an imagecrop function call with a negative value for the (1) x or (2) y dimension.

Mitigation

Update the affected packages.



Vulnerable software versions

php5 (Ubuntu package): 5.3.2-1ubuntu4.1 - 5.3.10-1ubuntu3.9

External links

http://www.ubuntu.com/usn/usn-2126-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Information disclosure

EUVDB-ID: #VU16081

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2014-2020

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types. A remote attacker can use a (1) string or (2) array data type in place of a numeric data type, as demonstrated by an imagecrop function call with a string for the x dimension value and obtain sensitive information.

Mitigation

Update the affected packages.



Vulnerable software versions

php5 (Ubuntu package): 5.3.2-1ubuntu4.1 - 5.3.10-1ubuntu3.9

External links

http://www.ubuntu.com/usn/usn-2126-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###