Debian update for php5



Published: 2018-01-11 | Updated: 2018-11-21
Risk High
Patch available YES
Number of vulnerabilities 7
CVE-ID CVE-2017-11142
CVE-2017-11143
CVE-2017-11144
CVE-2017-11145
CVE-2017-11628
CVE-2017-12933
CVE-2017-16642
CWE-ID CWE-20
CWE-502
CWE-284
CWE-125
CWE-121
Exploitation vector Network
Public exploit Public exploit code for vulnerability #7 is available.
Vulnerable software
Subscribe
php (Debian package)
Operating systems & Components / Operating system package or component

Vendor Debian

Security Bulletin

This security bulletin contains information about 7 vulnerabilities.

1) Improper input validation

EUVDB-ID: #VU9960

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2017-11142

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper check for variable length in main/php_variables.c. A remote attacker can cause a CPU consumption denial of service attack by injecting long form variables.

Mitigation

Update the affected package to version: 5.6.33+dfsg-0+deb8u1.

Vulnerable software versions

php (Debian package): 5.6.0+dfsg-1 - 5.6.31+dfsg-0+deb8u1


CPE2.3 External links

http://www.debian.org/security/2018/dsa-4081

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Deserialization of untrusted data

EUVDB-ID: #VU9695

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-11143

CWE-ID: CWE-502 - Deserialization of Untrusted Data

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in parser.c function due to deserialization of untrusted data. A remote attacker can inject specially crafted XML file and crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wddx/wddx.c.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update the affected package to version: 5.6.33+dfsg-0+deb8u1.

Vulnerable software versions

php (Debian package): 5.6.0+dfsg-1 - 5.6.31+dfsg-0+deb8u1


CPE2.3 External links

http://www.debian.org/security/2018/dsa-4081

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Denial of service

EUVDB-ID: #VU9716

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-11144

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function. A remote attacker can trigger a crash of the PHP interpreter, related to an interpretation conflict for a negative number in ext/openssl/openssl.c, and an OpenSSL documentation omission.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update the affected package to version: 5.6.33+dfsg-0+deb8u1.

Vulnerable software versions

php (Debian package): 5.6.0+dfsg-1 - 5.6.31+dfsg-0+deb8u1


CPE2.3 External links

http://www.debian.org/security/2018/dsa-4081

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) Out-of-bounds read

EUVDB-ID: #VU8965

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-11145

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to out-of-bounds read in timelib_meridian(). A remote attacker can read arbitrary data on the target system.

Mitigation

Update the affected package to version: 5.6.33+dfsg-0+deb8u1.

Vulnerable software versions

php (Debian package): 5.6.0+dfsg-1 - 5.6.31+dfsg-0+deb8u1


CPE2.3 External links

http://www.debian.org/security/2018/dsa-4081

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

5) Stack-based buffer overflow

EUVDB-ID: #VU7356

Risk: High

CVSSv3.1:

CVE-ID: CVE-2017-11628

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition or potentially execute arbitrary code.

The weakness exists due to stack buffer overflow in PHP INI parsing API 2 when handling malicious input. A remote attacker can send specially crafted data, trigger stack buffer overflow in zend_ini_do_op() that may lead to out-of-bounds write, cause the application to crash or execute arbitrary code with web server privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update the affected package to version: 5.6.33+dfsg-0+deb8u1.

Vulnerable software versions

php (Debian package): 5.6.0+dfsg-1 - 5.6.31+dfsg-0+deb8u1


CPE2.3 External links

http://www.debian.org/security/2018/dsa-4081

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

6) Deserialization of untrusted data

EUVDB-ID: #VU9956

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-12933

CWE-ID: CWE-502 - Deserialization of Untrusted Data

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a buffer over-read while unserializing untrusted data in the finish_nested_data function in ext/standard/var_unserializer.re. A remote attacker can perform a denial of service attack.


Mitigation

Update the affected package to version: 5.6.33+dfsg-0+deb8u1.

Vulnerable software versions

php (Debian package): 5.6.0+dfsg-1 - 5.6.31+dfsg-0+deb8u1


CPE2.3 External links

http://www.debian.org/security/2018/dsa-4081

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

7) Out-of-bounds read

EUVDB-ID: #VU8968

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-16642

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to out-of-bounds read in timelib_meridian(). A remote attacker can cause the application to crash.

Mitigation

Update the affected package to version: 5.6.33+dfsg-0+deb8u1.

Vulnerable software versions

php (Debian package): 5.6.0+dfsg-1 - 5.6.31+dfsg-0+deb8u1


CPE2.3 External links

http://www.debian.org/security/2018/dsa-4081

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###