USN-2984-1

See a problem?

Source

https://ubuntu.com/security/notices/USN-2984-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2984-1.json

JSON Data

https://api.osv.dev/v1/vulns/USN-2984-1

Related

Published

2016-05-24T17:31:16.121794Z

Modified

2016-05-24T17:31:16.121794Z

Summary

php5, php7.0 vulnerabilities

Details

It was discovered that the PHP Fileinfo component incorrectly handled certain magic files. An attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2015-8865)

Hans Jerry Illikainen discovered that the PHP Zip extension incorrectly handled certain malformed Zip archives. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-3078)

It was discovered that PHP incorrectly handled invalid indexes in the SplDoublyLinkedList class. An attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-3132)

It was discovered that the PHP rawurlencode() function incorrectly handled large strings. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-4070)

It was discovered that the PHP phpsnmperror() function incorrectly handled string formatting. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-4071)

It was discovered that the PHP phar extension incorrectly handled certain filenames in archives. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-4072)

It was discovered that the PHP mb_strcut() function incorrectly handled string formatting. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-4073)

It was discovered that the PHP phar extension incorrectly handled certain archive files. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-4342, CVE-2016-4343)

It was discovered that the PHP bcpowmod() function incorrectly handled memory. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-4537, CVE-2016-4538)

It was discovered that the PHP XML parser incorrectly handled certain malformed XML data. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-4539)

It was discovered that certain PHP grapheme functions incorrectly handled negative offsets. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-4540, CVE-2016-4541)

It was discovered that PHP incorrectly handled certain malformed EXIF tags. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-4542, CVE-2016-4543, CVE-2016-4544)

References

Affected packages

Ubuntu:14.04:LTS / php5

Package

Name: php5
Purl: pkg:deb/ubuntu/php5@5.5.9+dfsg-1ubuntu4.17?arch=src?distro=trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.5.9+dfsg-1ubuntu4.17

Affected versions

5.*

5.5.3+dfsg-1ubuntu2

5.5.3+dfsg-1ubuntu3

5.5.6+dfsg-1ubuntu1

5.5.6+dfsg-1ubuntu2

5.5.8+dfsg-2ubuntu1

5.5.9+dfsg-1ubuntu1

5.5.9+dfsg-1ubuntu2

5.5.9+dfsg-1ubuntu3

5.5.9+dfsg-1ubuntu4

5.5.9+dfsg-1ubuntu4.1

5.5.9+dfsg-1ubuntu4.2

5.5.9+dfsg-1ubuntu4.3

5.5.9+dfsg-1ubuntu4.4

5.5.9+dfsg-1ubuntu4.5

5.5.9+dfsg-1ubuntu4.6

5.5.9+dfsg-1ubuntu4.7

5.5.9+dfsg-1ubuntu4.9

5.5.9+dfsg-1ubuntu4.11

5.5.9+dfsg-1ubuntu4.12

5.5.9+dfsg-1ubuntu4.13

5.5.9+dfsg-1ubuntu4.14

5.5.9+dfsg-1ubuntu4.16

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "php5-gd": "5.5.9+dfsg-1ubuntu4.17",
            "libphp5-embed": "5.5.9+dfsg-1ubuntu4.17",
            "php5-gmp-dbgsym": "5.5.9+dfsg-1ubuntu4.17",
            "php5-mysqlnd": "5.5.9+dfsg-1ubuntu4.17",
            "php5-cli": "5.5.9+dfsg-1ubuntu4.17",
            "php5-common-dbgsym": "5.5.9+dfsg-1ubuntu4.17",
            "php5-fpm": "5.5.9+dfsg-1ubuntu4.17",
            "php5-pspell": "5.5.9+dfsg-1ubuntu4.17",
            "php5-mysql": "5.5.9+dfsg-1ubuntu4.17",
            "php5-ldap": "5.5.9+dfsg-1ubuntu4.17",
            "php5-pgsql": "5.5.9+dfsg-1ubuntu4.17",
            "php5-readline": "5.5.9+dfsg-1ubuntu4.17",
            "php5-common": "5.5.9+dfsg-1ubuntu4.17",
            "php5-dev": "5.5.9+dfsg-1ubuntu4.17",
            "php5-readline-dbgsym": "5.5.9+dfsg-1ubuntu4.17",
            "libapache2-mod-php5filter": "5.5.9+dfsg-1ubuntu4.17",
            "php5": "5.5.9+dfsg-1ubuntu4.17",
            "php5-sybase": "5.5.9+dfsg-1ubuntu4.17",
            "php5-gmp": "5.5.9+dfsg-1ubuntu4.17",
            "php5-tidy-dbgsym": "5.5.9+dfsg-1ubuntu4.17",
            "php5-cgi": "5.5.9+dfsg-1ubuntu4.17",
            "php5-curl-dbgsym": "5.5.9+dfsg-1ubuntu4.17",
            "php5-pspell-dbgsym": "5.5.9+dfsg-1ubuntu4.17",
            "php5-intl-dbgsym": "5.5.9+dfsg-1ubuntu4.17",
            "libapache2-mod-php5-dbgsym": "5.5.9+dfsg-1ubuntu4.17",
            "php5-recode": "5.5.9+dfsg-1ubuntu4.17",
            "php5-ldap-dbgsym": "5.5.9+dfsg-1ubuntu4.17",
            "php5-enchant-dbgsym": "5.5.9+dfsg-1ubuntu4.17",
            "php5-odbc-dbgsym": "5.5.9+dfsg-1ubuntu4.17",
            "php5-pgsql-dbgsym": "5.5.9+dfsg-1ubuntu4.17",
            "php5-gd-dbgsym": "5.5.9+dfsg-1ubuntu4.17",
            "php5-snmp-dbgsym": "5.5.9+dfsg-1ubuntu4.17",
            "php5-fpm-dbgsym": "5.5.9+dfsg-1ubuntu4.17",
            "php5-tidy": "5.5.9+dfsg-1ubuntu4.17",
            "libapache2-mod-php5filter-dbgsym": "5.5.9+dfsg-1ubuntu4.17",
            "php5-dbg": "5.5.9+dfsg-1ubuntu4.17",
            "php-pear": "5.5.9+dfsg-1ubuntu4.17",
            "libphp5-embed-dbgsym": "5.5.9+dfsg-1ubuntu4.17",
            "php5-xmlrpc-dbgsym": "5.5.9+dfsg-1ubuntu4.17",
            "php5-sybase-dbgsym": "5.5.9+dfsg-1ubuntu4.17",
            "php5-curl": "5.5.9+dfsg-1ubuntu4.17",
            "php5-cli-dbgsym": "5.5.9+dfsg-1ubuntu4.17",
            "php5-xsl": "5.5.9+dfsg-1ubuntu4.17",
            "php5-enchant": "5.5.9+dfsg-1ubuntu4.17",
            "php5-dev-dbgsym": "5.5.9+dfsg-1ubuntu4.17",
            "php5-odbc": "5.5.9+dfsg-1ubuntu4.17",
            "php5-recode-dbgsym": "5.5.9+dfsg-1ubuntu4.17",
            "php5-mysql-dbgsym": "5.5.9+dfsg-1ubuntu4.17",
            "php5-mysqlnd-dbgsym": "5.5.9+dfsg-1ubuntu4.17",
            "php5-sqlite-dbgsym": "5.5.9+dfsg-1ubuntu4.17",
            "libapache2-mod-php5": "5.5.9+dfsg-1ubuntu4.17",
            "php5-snmp": "5.5.9+dfsg-1ubuntu4.17",
            "php5-xsl-dbgsym": "5.5.9+dfsg-1ubuntu4.17",
            "php5-intl": "5.5.9+dfsg-1ubuntu4.17",
            "php5-sqlite": "5.5.9+dfsg-1ubuntu4.17",
            "php5-xmlrpc": "5.5.9+dfsg-1ubuntu4.17",
            "php5-cgi-dbgsym": "5.5.9+dfsg-1ubuntu4.17"
        }
    ]
}

Ubuntu:16.04:LTS / php7.0

Package

Name: php7.0
Purl: pkg:deb/ubuntu/php7.0@7.0.4-7ubuntu2.1?arch=src?distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.4-7ubuntu2.1

Affected versions

7.*

7.0.1-5

7.0.1-6

7.0.2-1

7.0.2-3

7.0.2-4

7.0.2-5

7.0.3-2

7.0.3-3

7.0.3-9ubuntu1

7.0.4-5ubuntu1

7.0.4-5ubuntu2

7.0.4-7ubuntu1

7.0.4-7ubuntu2

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "php7.0-mcrypt-dbgsym": "7.0.4-7ubuntu2.1",
            "php7.0-enchant": "7.0.4-7ubuntu2.1",
            "php7.0-xsl": "7.0.4-7ubuntu2.1",
            "php7.0-intl": "7.0.4-7ubuntu2.1",
            "php7.0-mysql": "7.0.4-7ubuntu2.1",
            "php7.0-pgsql-dbgsym": "7.0.4-7ubuntu2.1",
            "php7.0-readline": "7.0.4-7ubuntu2.1",
            "php7.0-zip": "7.0.4-7ubuntu2.1",
            "php7.0-soap": "7.0.4-7ubuntu2.1",
            "php7.0-mcrypt": "7.0.4-7ubuntu2.1",
            "php7.0-gd": "7.0.4-7ubuntu2.1",
            "libphp7.0-embed": "7.0.4-7ubuntu2.1",
            "php7.0-interbase": "7.0.4-7ubuntu2.1",
            "php7.0": "7.0.4-7ubuntu2.1",
            "php7.0-imap": "7.0.4-7ubuntu2.1",
            "php7.0-xmlrpc-dbgsym": "7.0.4-7ubuntu2.1",
            "php7.0-ldap-dbgsym": "7.0.4-7ubuntu2.1",
            "php7.0-opcache": "7.0.4-7ubuntu2.1",
            "php7.0-bz2-dbgsym": "7.0.4-7ubuntu2.1",
            "php7.0-opcache-dbgsym": "7.0.4-7ubuntu2.1",
            "php7.0-json": "7.0.4-7ubuntu2.1",
            "php7.0-fpm": "7.0.4-7ubuntu2.1",
            "libapache2-mod-php7.0-dbgsym": "7.0.4-7ubuntu2.1",
            "php7.0-xml": "7.0.4-7ubuntu2.1",
            "php7.0-tidy": "7.0.4-7ubuntu2.1",
            "php7.0-common-dbgsym": "7.0.4-7ubuntu2.1",
            "php7.0-sqlite3": "7.0.4-7ubuntu2.1",
            "php7.0-bcmath-dbgsym": "7.0.4-7ubuntu2.1",
            "php7.0-bcmath": "7.0.4-7ubuntu2.1",
            "php7.0-common": "7.0.4-7ubuntu2.1",
            "php7.0-mysql-dbgsym": "7.0.4-7ubuntu2.1",
            "php7.0-odbc-dbgsym": "7.0.4-7ubuntu2.1",
            "php7.0-gmp-dbgsym": "7.0.4-7ubuntu2.1",
            "php7.0-cgi": "7.0.4-7ubuntu2.1",
            "php7.0-phpdbg-dbgsym": "7.0.4-7ubuntu2.1",
            "php7.0-json-dbgsym": "7.0.4-7ubuntu2.1",
            "php7.0-readline-dbgsym": "7.0.4-7ubuntu2.1",
            "php7.0-pspell": "7.0.4-7ubuntu2.1",
            "php7.0-mbstring-dbgsym": "7.0.4-7ubuntu2.1",
            "php7.0-tidy-dbgsym": "7.0.4-7ubuntu2.1",
            "php7.0-cli-dbgsym": "7.0.4-7ubuntu2.1",
            "php7.0-curl-dbgsym": "7.0.4-7ubuntu2.1",
            "php7.0-cgi-dbgsym": "7.0.4-7ubuntu2.1",
            "php7.0-enchant-dbgsym": "7.0.4-7ubuntu2.1",
            "php7.0-odbc": "7.0.4-7ubuntu2.1",
            "php7.0-soap-dbgsym": "7.0.4-7ubuntu2.1",
            "php7.0-recode": "7.0.4-7ubuntu2.1",
            "libphp7.0-embed-dbgsym": "7.0.4-7ubuntu2.1",
            "libapache2-mod-php7.0": "7.0.4-7ubuntu2.1",
            "php7.0-interbase-dbgsym": "7.0.4-7ubuntu2.1",
            "php7.0-fpm-dbgsym": "7.0.4-7ubuntu2.1",
            "php7.0-pspell-dbgsym": "7.0.4-7ubuntu2.1",
            "php7.0-imap-dbgsym": "7.0.4-7ubuntu2.1",
            "php7.0-gmp": "7.0.4-7ubuntu2.1",
            "php7.0-recode-dbgsym": "7.0.4-7ubuntu2.1",
            "php7.0-sybase-dbgsym": "7.0.4-7ubuntu2.1",
            "php7.0-ldap": "7.0.4-7ubuntu2.1",
            "php7.0-snmp": "7.0.4-7ubuntu2.1",
            "php7.0-intl-dbgsym": "7.0.4-7ubuntu2.1",
            "php7.0-pgsql": "7.0.4-7ubuntu2.1",
            "php7.0-sqlite3-dbgsym": "7.0.4-7ubuntu2.1",
            "php7.0-curl": "7.0.4-7ubuntu2.1",
            "php7.0-xmlrpc": "7.0.4-7ubuntu2.1",
            "php7.0-dev": "7.0.4-7ubuntu2.1",
            "php7.0-snmp-dbgsym": "7.0.4-7ubuntu2.1",
            "php7.0-bz2": "7.0.4-7ubuntu2.1",
            "php7.0-zip-dbgsym": "7.0.4-7ubuntu2.1",
            "php7.0-cli": "7.0.4-7ubuntu2.1",
            "php7.0-xml-dbgsym": "7.0.4-7ubuntu2.1",
            "php7.0-mbstring": "7.0.4-7ubuntu2.1",
            "php7.0-sybase": "7.0.4-7ubuntu2.1",
            "php7.0-gd-dbgsym": "7.0.4-7ubuntu2.1",
            "php7.0-phpdbg": "7.0.4-7ubuntu2.1"
        }
    ]
}