Ubuntu update for PHP

1) Resource exhaustion

EUVDB-ID: #VU3894

Risk: Low

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2014-8117

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition.

The weakness exists due to resource exhaustion when softmagic.c in file before 5.21 does not properly limit recursion. A remote attacker can trigger CPU consumption and cause the service to crash.

Mitigation

Update the affected packages.

Vulnerable software versions

php5 (Ubuntu package): 5.3.2-1ubuntu4.1 - 5.3.10-1ubuntu3.16

CPE2.3

• cpe:2.3:o:canonical:php5_ubuntu_package:5.3.2-1ubuntu4.1:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:php5_ubuntu_package:5.3.2-1ubuntu4.2:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:php5_ubuntu_package:5.3.2-1ubuntu4.5:*:*:*:*:ubuntu:*:*

External links

https://www.ubuntu.com/usn/usn-2535-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Heap-based buffer overflow

EUVDB-ID: #VU16106

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2014-9705

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6. A remote attacker can trigger memory corruption via vectors that trigger creation of multiple dictionaries and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

php5 (Ubuntu package): 5.3.2-1ubuntu4.1 - 5.3.10-1ubuntu3.16

CPE2.3

• cpe:2.3:o:canonical:php5_ubuntu_package:5.3.2-1ubuntu4.1:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:php5_ubuntu_package:5.3.2-1ubuntu4.2:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:php5_ubuntu_package:5.3.2-1ubuntu4.5:*:*:*:*:ubuntu:*:*

External links

https://www.ubuntu.com/usn/usn-2535-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use-after-free error

EUVDB-ID: #VU16107

Risk: High

CVSSv4.0: 8.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]

CVE-ID: CVE-2015-0273

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6. A remote attacker can trigger memory corruption via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handled by the php_date_timezone_initialize_from_hash function or (b) DateTime data handled by the php_date_initialize_from_hash function and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

php5 (Ubuntu package): 5.3.2-1ubuntu4.1 - 5.3.10-1ubuntu3.16

CPE2.3

• cpe:2.3:o:canonical:php5_ubuntu_package:5.3.2-1ubuntu4.1:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:php5_ubuntu_package:5.3.2-1ubuntu4.2:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:php5_ubuntu_package:5.3.2-1ubuntu4.5:*:*:*:*:ubuntu:*:*

External links

https://www.ubuntu.com/usn/usn-2535-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

4) Use-after-free error

EUVDB-ID: #VU16108

Risk: Low

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2015-2301

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6. A remote attacker can trigger memory corruption via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file and cause the service to crash.

Mitigation

Update the affected packages.

Vulnerable software versions

php5 (Ubuntu package): 5.3.2-1ubuntu4.1 - 5.3.10-1ubuntu3.16

CPE2.3

• cpe:2.3:o:canonical:php5_ubuntu_package:5.3.2-1ubuntu4.1:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:php5_ubuntu_package:5.3.2-1ubuntu4.2:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:php5_ubuntu_package:5.3.2-1ubuntu4.5:*:*:*:*:ubuntu:*:*

External links

https://www.ubuntu.com/usn/usn-2535-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.