Ubuntu update for php5

1) Buffer overflow

EUVDB-ID: #VU16097

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2014-3668

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2. A remote attacker can trigger memory corruption via a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function, related to an out-of-bounds read operation and cause the service to crash.

Mitigation

Ubuntu 14.10:

php5-cli 5.5.12+dfsg-2ubuntu4.1

php5-cgi 5.5.12+dfsg-2ubuntu4.1

php5-xmlrpc 5.5.12+dfsg-2ubuntu4.1

php5-curl 5.5.12+dfsg-2ubuntu4.1

libapache2-mod-php5 5.5.12+dfsg-2ubuntu4.1

php5-fpm 5.5.12+dfsg-2ubuntu4.1

Ubuntu 14.04 LTS:

php5-cli 5.5.9+dfsg-1ubuntu4.5

php5-cgi 5.5.9+dfsg-1ubuntu4.5

php5-xmlrpc 5.5.9+dfsg-1ubuntu4.5

php5-curl 5.5.9+dfsg-1ubuntu4.5

libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.5

php5-fpm 5.5.9+dfsg-1ubuntu4.5

Ubuntu 12.04 LTS:

php5-cli 5.3.10-1ubuntu3.15

php5-cgi 5.3.10-1ubuntu3.15

php5-xmlrpc 5.3.10-1ubuntu3.15

php5-curl 5.3.10-1ubuntu3.15

libapache2-mod-php5 5.3.10-1ubuntu3.15

php5-fpm 5.3.10-1ubuntu3.15

Ubuntu 10.04 LTS:

php5-cli 5.3.2-1ubuntu4.28

php5-cgi 5.3.2-1ubuntu4.28

libapache2-mod-php5 5.3.2-1ubuntu4.28

php5-curl 5.3.2-1ubuntu4.28

php5-xmlrpc 5.3.2-1ubuntu4.28

Vulnerable software versions

php5 (Ubuntu package): 5.3.2-1ubuntu4.1 - 5.3.10-1ubuntu3.14

External links

http://www.ubuntu.com/usn/usn-2391-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Integer overflow

EUVDB-ID: #VU16098

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2014-3669

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2. A remote attacker can trigger memory corruption via an argument to the unserialize function that triggers calculation of a large length value and cause the service to crash or execute arbitrary code.

Mitigation

Ubuntu 14.10:

php5-cli 5.5.12+dfsg-2ubuntu4.1

php5-cgi 5.5.12+dfsg-2ubuntu4.1

php5-xmlrpc 5.5.12+dfsg-2ubuntu4.1

php5-curl 5.5.12+dfsg-2ubuntu4.1

libapache2-mod-php5 5.5.12+dfsg-2ubuntu4.1

php5-fpm 5.5.12+dfsg-2ubuntu4.1

Ubuntu 14.04 LTS:

php5-cli 5.5.9+dfsg-1ubuntu4.5

php5-cgi 5.5.9+dfsg-1ubuntu4.5

php5-xmlrpc 5.5.9+dfsg-1ubuntu4.5

php5-curl 5.5.9+dfsg-1ubuntu4.5

libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.5

php5-fpm 5.5.9+dfsg-1ubuntu4.5

Ubuntu 12.04 LTS:

php5-cli 5.3.10-1ubuntu3.15

php5-cgi 5.3.10-1ubuntu3.15

php5-xmlrpc 5.3.10-1ubuntu3.15

php5-curl 5.3.10-1ubuntu3.15

libapache2-mod-php5 5.3.10-1ubuntu3.15

php5-fpm 5.3.10-1ubuntu3.15

Ubuntu 10.04 LTS:

php5-cli 5.3.2-1ubuntu4.28

php5-cgi 5.3.2-1ubuntu4.28

libapache2-mod-php5 5.3.2-1ubuntu4.28

php5-curl 5.3.2-1ubuntu4.28

php5-xmlrpc 5.3.2-1ubuntu4.28

Vulnerable software versions

php5 (Ubuntu package): 5.3.2-1ubuntu4.1 - 5.3.10-1ubuntu3.14

External links

http://www.ubuntu.com/usn/usn-2391-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Heap-based buffer overflow

EUVDB-ID: #VU16099

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2014-3670

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to heap-based buffer overflow when exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly. A remote attacker can trigger memory corruption via a crafted JPEG image with TIFF thumbnail data that is improperly handled by the exif_thumbnail function and cause the application to crash or execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Ubuntu 14.10:

php5-cli 5.5.12+dfsg-2ubuntu4.1

php5-cgi 5.5.12+dfsg-2ubuntu4.1

php5-xmlrpc 5.5.12+dfsg-2ubuntu4.1

php5-curl 5.5.12+dfsg-2ubuntu4.1

libapache2-mod-php5 5.5.12+dfsg-2ubuntu4.1

php5-fpm 5.5.12+dfsg-2ubuntu4.1

Ubuntu 14.04 LTS:

php5-cli 5.5.9+dfsg-1ubuntu4.5

php5-cgi 5.5.9+dfsg-1ubuntu4.5

php5-xmlrpc 5.5.9+dfsg-1ubuntu4.5

php5-curl 5.5.9+dfsg-1ubuntu4.5

libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.5

php5-fpm 5.5.9+dfsg-1ubuntu4.5

Ubuntu 12.04 LTS:

php5-cli 5.3.10-1ubuntu3.15

php5-cgi 5.3.10-1ubuntu3.15

php5-xmlrpc 5.3.10-1ubuntu3.15

php5-curl 5.3.10-1ubuntu3.15

libapache2-mod-php5 5.3.10-1ubuntu3.15

php5-fpm 5.3.10-1ubuntu3.15

Ubuntu 10.04 LTS:

php5-cli 5.3.2-1ubuntu4.28

php5-cgi 5.3.2-1ubuntu4.28

libapache2-mod-php5 5.3.2-1ubuntu4.28

php5-curl 5.3.2-1ubuntu4.28

php5-xmlrpc 5.3.2-1ubuntu4.28

Vulnerable software versions

php5 (Ubuntu package): 5.3.2-1ubuntu4.1 - 5.3.10-1ubuntu3.14

External links

http://www.ubuntu.com/usn/usn-2391-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Out-of-bounds read

EUVDB-ID: #VU3892

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2014-3710

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to the donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present. A remote attacker can trigger out-of-bounds read and cause the application to crash via a crafted ELF file.

Mitigation

Ubuntu 14.10:

php5-cli 5.5.12+dfsg-2ubuntu4.1

php5-cgi 5.5.12+dfsg-2ubuntu4.1

php5-xmlrpc 5.5.12+dfsg-2ubuntu4.1

php5-curl 5.5.12+dfsg-2ubuntu4.1

libapache2-mod-php5 5.5.12+dfsg-2ubuntu4.1

php5-fpm 5.5.12+dfsg-2ubuntu4.1

Ubuntu 14.04 LTS:

php5-cli 5.5.9+dfsg-1ubuntu4.5

php5-cgi 5.5.9+dfsg-1ubuntu4.5

php5-xmlrpc 5.5.9+dfsg-1ubuntu4.5

php5-curl 5.5.9+dfsg-1ubuntu4.5

libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.5

php5-fpm 5.5.9+dfsg-1ubuntu4.5

Ubuntu 12.04 LTS:

php5-cli 5.3.10-1ubuntu3.15

php5-cgi 5.3.10-1ubuntu3.15

php5-xmlrpc 5.3.10-1ubuntu3.15

php5-curl 5.3.10-1ubuntu3.15

libapache2-mod-php5 5.3.10-1ubuntu3.15

php5-fpm 5.3.10-1ubuntu3.15

Ubuntu 10.04 LTS:

php5-cli 5.3.2-1ubuntu4.28

php5-cgi 5.3.2-1ubuntu4.28

libapache2-mod-php5 5.3.2-1ubuntu4.28

php5-curl 5.3.2-1ubuntu4.28

php5-xmlrpc 5.3.2-1ubuntu4.28

Vulnerable software versions

php5 (Ubuntu package): 5.3.2-1ubuntu4.1 - 5.3.10-1ubuntu3.14

External links

http://www.ubuntu.com/usn/usn-2391-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.