Ubuntu update for PHP



Published: 2015-03-18 | Updated: 2018-11-27
Risk: High
Patch available: Yes
Number of vulnerabilities: 4
CVE-ID: CVE-2014-8117, CVE-2014-9705, CVE-2015-0273, CVE-2015-2301
CWE-ID: CWE-400, CWE-122, CWE-416
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #3 is available.
Vulnerable software
php5 (Ubuntu package)
Operating systems & Components / Operating system package or component

Vendor: Canonical Ltd.

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Resource exhaustion

EUVDB-ID: #VU3894

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2014-8117

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a denial-of-service (DoS) condition.

The weakness is a resource exhaustion issue: softmagic.c in the file utility before 5.21 does not properly limit recursion. A remote attacker can trigger CPU consumption and cause the service to crash.

Mitigation

Update the affected packages.


Vulnerable software versions

php5 (Ubuntu package): 5.3.2-1ubuntu4.1 - 5.3.10-1ubuntu3.16

External links

http://www.ubuntu.com/usn/usn-2535-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Heap-based buffer overflow

EUVDB-ID: #VU16106

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2014-9705

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6. A remote attacker can trigger memory corruption via vectors that trigger creation of multiple dictionaries and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Update the affected packages.


Vulnerable software versions

php5 (Ubuntu package): 5.3.2-1ubuntu4.1 - 5.3.10-1ubuntu3.16

External links

http://www.ubuntu.com/usn/usn-2535-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use-after-free error

EUVDB-ID: #VU16107

Risk: High

CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2015-0273

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to multiple use-after-free errors in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6. A remote attacker can trigger memory corruption via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handled by the php_date_timezone_initialize_from_hash function or (b) DateTime data handled by the php_date_initialize_from_hash function and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Update the affected packages.


Vulnerable software versions

php5 (Ubuntu package): 5.3.2-1ubuntu4.1 - 5.3.10-1ubuntu3.16

External links

http://www.ubuntu.com/usn/usn-2535-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

4) Use-after-free error

EUVDB-ID: #VU16108

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2015-2301

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a denial-of-service (DoS) condition on the target system.

The vulnerability exists due to a use-after-free error in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6. A remote attacker can trigger memory corruption via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file and cause the service to crash.

Mitigation

Update the affected packages.


Vulnerable software versions

php5 (Ubuntu package): 5.3.2-1ubuntu4.1 - 5.3.10-1ubuntu3.16

External links

http://www.ubuntu.com/usn/usn-2535-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


