Ubuntu update for PHP

1) Buffer overflow

EUVDB-ID: #VU16134

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2014-9912

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to boundary error when the get_icu_disp_value_src_php function in ext/intl/locale/locale_methods.c in PHP before 5.3.29, 5.4.x before 5.4.30, and 5.5.x before 5.5.14 does not properly restrict calls to the ICU uresbund.cpp component. A remote unauthenticated attacker can trigger buffer overflow and cause the service to crash via a locale_get_display_name call with a long first argument.

Mitigation

Ubuntu 14.04 LTS:

php5-cli 5.5.9+dfsg-1ubuntu4.21

php5-cgi 5.5.9+dfsg-1ubuntu4.21

libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.21

php5-fpm 5.5.9+dfsg-1ubuntu4.21

Ubuntu 12.04 LTS:

php5-cli 5.3.10-1ubuntu3.26

php5-cgi 5.3.10-1ubuntu3.26

libapache2-mod-php5 5.3.10-1ubuntu3.26

php5-fpm 5.3.10-1ubuntu3.26

Vulnerable software versions

php5 (Ubuntu package): 5.3.10-1ubuntu3.1 - 5.3.10-1ubuntu3.25

External links

http://www.ubuntu.com/usn/usn-3196-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Infinite loop

EUVDB-ID: #VU16135

Risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2016-7478

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to infinite loop in zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13. A remote attacker can trigger infinite loop and cause the service to crash via a crafted Exception object in serialized data.

Mitigation

Ubuntu 14.04 LTS:

php5-cli 5.5.9+dfsg-1ubuntu4.21

php5-cgi 5.5.9+dfsg-1ubuntu4.21

libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.21

php5-fpm 5.5.9+dfsg-1ubuntu4.21

Ubuntu 12.04 LTS:

php5-cli 5.3.10-1ubuntu3.26

php5-cgi 5.3.10-1ubuntu3.26

libapache2-mod-php5 5.3.10-1ubuntu3.26

php5-fpm 5.3.10-1ubuntu3.26

Vulnerable software versions

php5 (Ubuntu package): 5.3.10-1ubuntu3.1 - 5.3.10-1ubuntu3.25

External links

http://www.ubuntu.com/usn/usn-3196-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

3) Use-after-free error

EUVDB-ID: #VU12900

Risk: High

CVSSv3.1: 9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2016-7479

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to resizing the 'properties' hash table of a serialized object during the unserialization process. A remote attacker can trigger use-after-free error and execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Ubuntu 14.04 LTS:

php5-cli 5.5.9+dfsg-1ubuntu4.21

php5-cgi 5.5.9+dfsg-1ubuntu4.21

libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.21

php5-fpm 5.5.9+dfsg-1ubuntu4.21

Ubuntu 12.04 LTS:

php5-cli 5.3.10-1ubuntu3.26

php5-cgi 5.3.10-1ubuntu3.26

libapache2-mod-php5 5.3.10-1ubuntu3.26

php5-fpm 5.3.10-1ubuntu3.26

Vulnerable software versions

php5 (Ubuntu package): 5.3.10-1ubuntu3.1 - 5.3.10-1ubuntu3.25

External links

http://www.ubuntu.com/usn/usn-3196-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

4) Use-after-free

EUVDB-ID: #VU16136

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-9137

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to use-after-free error in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 and 7.x before 7.0.12. A remote attacker can cause a denial of service via specially crafted serialized data that is mishandled during __wakeup processing.

Mitigation

Ubuntu 14.04 LTS:

php5-cli 5.5.9+dfsg-1ubuntu4.21

php5-cgi 5.5.9+dfsg-1ubuntu4.21

libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.21

php5-fpm 5.5.9+dfsg-1ubuntu4.21

Ubuntu 12.04 LTS:

php5-cli 5.3.10-1ubuntu3.26

php5-cgi 5.3.10-1ubuntu3.26

libapache2-mod-php5 5.3.10-1ubuntu3.26

php5-fpm 5.3.10-1ubuntu3.26

Vulnerable software versions

php5 (Ubuntu package): 5.3.10-1ubuntu3.1 - 5.3.10-1ubuntu3.25

External links

http://www.ubuntu.com/usn/usn-3196-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) NULL pointer dereference

EUVDB-ID: #VU12902

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-9934

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in ext/wddx/wddx.c due to NULL pointer dereference. A remote attacker can submit crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string, and cause the service to crash.

Mitigation

Ubuntu 14.04 LTS:

php5-cli 5.5.9+dfsg-1ubuntu4.21

php5-cgi 5.5.9+dfsg-1ubuntu4.21

libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.21

php5-fpm 5.5.9+dfsg-1ubuntu4.21

Ubuntu 12.04 LTS:

php5-cli 5.3.10-1ubuntu3.26

php5-cgi 5.3.10-1ubuntu3.26

libapache2-mod-php5 5.3.10-1ubuntu3.26

php5-fpm 5.3.10-1ubuntu3.26

Vulnerable software versions

php5 (Ubuntu package): 5.3.10-1ubuntu3.1 - 5.3.10-1ubuntu3.25

External links

http://www.ubuntu.com/usn/usn-3196-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Out-of-bounds read

EUVDB-ID: #VU12903

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-9935

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the php_wddx_push_element function in ext/wddx/wddx.c due to out-of-bounds read. A remote attacker can submit an empty boolean element in a wddxPacket XML document and cause the service to crash.

Mitigation

Ubuntu 14.04 LTS:

php5-cli 5.5.9+dfsg-1ubuntu4.21

php5-cgi 5.5.9+dfsg-1ubuntu4.21

libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.21

php5-fpm 5.5.9+dfsg-1ubuntu4.21

Ubuntu 12.04 LTS:

php5-cli 5.3.10-1ubuntu3.26

php5-cgi 5.3.10-1ubuntu3.26

libapache2-mod-php5 5.3.10-1ubuntu3.26

php5-fpm 5.3.10-1ubuntu3.26

Vulnerable software versions

php5 (Ubuntu package): 5.3.10-1ubuntu3.1 - 5.3.10-1ubuntu3.25

External links

http://www.ubuntu.com/usn/usn-3196-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Incorrect calculation

EUVDB-ID: #VU12905

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-10158

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the exif_convert_any_to_int function in ext/exif/exif.c due to numeric errors. A remote attacker can submit specially crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1 and cause the service to crash.

Mitigation

Ubuntu 14.04 LTS:

php5-cli 5.5.9+dfsg-1ubuntu4.21

php5-cgi 5.5.9+dfsg-1ubuntu4.21

libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.21

php5-fpm 5.5.9+dfsg-1ubuntu4.21

Ubuntu 12.04 LTS:

php5-cli 5.3.10-1ubuntu3.26

php5-cgi 5.3.10-1ubuntu3.26

libapache2-mod-php5 5.3.10-1ubuntu3.26

php5-fpm 5.3.10-1ubuntu3.26

Vulnerable software versions

php5 (Ubuntu package): 5.3.10-1ubuntu3.1 - 5.3.10-1ubuntu3.25

External links

http://www.ubuntu.com/usn/usn-3196-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Integer overflow

EUVDB-ID: #VU12906

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-10159

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the phar_parse_pharfile function in ext/phar/phar.c due to integer overflow. A remote attacker can submit a truncated manifest entry in a PHAR archive and cause the service to crash.

Mitigation

Ubuntu 14.04 LTS:

php5-cli 5.5.9+dfsg-1ubuntu4.21

php5-cgi 5.5.9+dfsg-1ubuntu4.21

libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.21

php5-fpm 5.5.9+dfsg-1ubuntu4.21

Ubuntu 12.04 LTS:

php5-cli 5.3.10-1ubuntu3.26

php5-cgi 5.3.10-1ubuntu3.26

libapache2-mod-php5 5.3.10-1ubuntu3.26

php5-fpm 5.3.10-1ubuntu3.26

Vulnerable software versions

php5 (Ubuntu package): 5.3.10-1ubuntu3.1 - 5.3.10-1ubuntu3.25

External links

http://www.ubuntu.com/usn/usn-3196-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Off-by-one error

EUVDB-ID: #VU12907

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-10160

CWE-ID: CWE-193 - Off-by-one Error

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.

The weakness exists in the phar_parse_pharfile function in ext/phar/phar.c due to off-by-one error. A remote attacker can submit a specially crafted PHAR archive with an alias mismatch and cause the service to crash or execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Ubuntu 14.04 LTS:

php5-cli 5.5.9+dfsg-1ubuntu4.21

php5-cgi 5.5.9+dfsg-1ubuntu4.21

libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.21

php5-fpm 5.5.9+dfsg-1ubuntu4.21

Ubuntu 12.04 LTS:

php5-cli 5.3.10-1ubuntu3.26

php5-cgi 5.3.10-1ubuntu3.26

libapache2-mod-php5 5.3.10-1ubuntu3.26

php5-fpm 5.3.10-1ubuntu3.26

Vulnerable software versions

php5 (Ubuntu package): 5.3.10-1ubuntu3.1 - 5.3.10-1ubuntu3.25

External links

http://www.ubuntu.com/usn/usn-3196-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Buffer over-read

EUVDB-ID: #VU12908

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-10161

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the object_common1 function in ext/standard/var_unserializer.c due to buffer over-read. A remote attacker can submit specially crafted serialized data that is mishandled in a finish_nested_data call and cause the service to crash.

Mitigation

Ubuntu 14.04 LTS:

php5-cli 5.5.9+dfsg-1ubuntu4.21

php5-cgi 5.5.9+dfsg-1ubuntu4.21

libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.21

php5-fpm 5.5.9+dfsg-1ubuntu4.21

Ubuntu 12.04 LTS:

php5-cli 5.3.10-1ubuntu3.26

php5-cgi 5.3.10-1ubuntu3.26

libapache2-mod-php5 5.3.10-1ubuntu3.26

php5-fpm 5.3.10-1ubuntu3.26

Vulnerable software versions

php5 (Ubuntu package): 5.3.10-1ubuntu3.1 - 5.3.10-1ubuntu3.25

External links

http://www.ubuntu.com/usn/usn-3196-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.