 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.843051 |
| Category: | Ubuntu Local Security Checks |
| Title: | Ubuntu: Security Advisory (USN-3196-1) |
| Summary: | The remote host is missing an update for the 'php5' package(s) announced via the USN-3196-1 advisory. |
| Description: | Summary: The remote host is missing an update for the 'php5' package(s) announced via the USN-3196-1 advisory. Vulnerability Insight: It was discovered that PHP incorrectly handled certain arguments to the locale_get_display_name function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-9912) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to hang, resulting in a denial of service. (CVE-2016-7478) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7479) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS. (CVE-2016-9137) It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-9934) It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9935) It was discovered that PHP incorrectly handled certain EXIF data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10158) It was discovered that PHP incorrectly handled certain PHAR archives. A remote attacker could use this issue to cause PHP to crash or consume resources, resulting in a denial of service. (CVE-2016-10159) It was discovered that PHP incorrectly handled certain PHAR archives. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-10160) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10161) Affected Software/OS: 'php5' package(s) on Ubuntu 12.04, Ubuntu 14.04. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-9912 BugTraq ID: 68549 http://www.securityfocus.com/bid/68549 http://www.openwall.com/lists/oss-security/2016/11/25/1 Common Vulnerability Exposure (CVE) ID: CVE-2016-10158 BugTraq ID: 95764 http://www.securityfocus.com/bid/95764 Debian Security Information: DSA-3783 (Google Search) http://www.debian.org/security/2017/dsa-3783 https://security.gentoo.org/glsa/201702-29 RedHat Security Advisories: RHSA-2018:1296 https://access.redhat.com/errata/RHSA-2018:1296 http://www.securitytracker.com/id/1037659 Common Vulnerability Exposure (CVE) ID: CVE-2016-10159 BugTraq ID: 95774 http://www.securityfocus.com/bid/95774 Common Vulnerability Exposure (CVE) ID: CVE-2016-10160 BugTraq ID: 95783 http://www.securityfocus.com/bid/95783 Common Vulnerability Exposure (CVE) ID: CVE-2016-10161 BugTraq ID: 95768 http://www.securityfocus.com/bid/95768 Common Vulnerability Exposure (CVE) ID: CVE-2016-7478 BugTraq ID: 95150 http://www.securityfocus.com/bid/95150 http://blog.checkpoint.com/2016/12/27/check-point-discovers-three-zero-day-vulnerabilities-web-programming-language-php-7 http://blog.checkpoint.com/wp-content/uploads/2016/12/PHP_Technical_Report.pdf https://bugs.php.net/bug.php?id=73093 https://www.youtube.com/watch?v=LDcaPstAuPk Common Vulnerability Exposure (CVE) ID: CVE-2016-7479 BugTraq ID: 95151 http://www.securityfocus.com/bid/95151 https://bugs.php.net/bug.php?id=73092 Common Vulnerability Exposure (CVE) ID: CVE-2016-9137 BugTraq ID: 93577 http://www.securityfocus.com/bid/93577 Debian Security Information: DSA-3698 (Google Search) http://www.debian.org/security/2016/dsa-3698 http://www.openwall.com/lists/oss-security/2016/11/01/2 Common Vulnerability Exposure (CVE) ID: CVE-2016-9934 BugTraq ID: 94845 http://www.securityfocus.com/bid/94845 http://www.openwall.com/lists/oss-security/2016/12/12/2 SuSE Security Announcement: openSUSE-SU-2016:3239 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-12/msg00142.html SuSE Security Announcement: openSUSE-SU-2017:0061 (Google Search) http://lists.opensuse.org/opensuse-updates/2017-01/msg00034.html SuSE Security Announcement: openSUSE-SU-2017:0081 (Google Search) http://lists.opensuse.org/opensuse-updates/2017-01/msg00054.html Common Vulnerability Exposure (CVE) ID: CVE-2016-9935 BugTraq ID: 94846 http://www.securityfocus.com/bid/94846 Debian Security Information: DSA-3737 (Google Search) http://www.debian.org/security/2016/dsa-3737 |
| Copyright | Copyright (C) 2017 Greenbone AG |
| This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |