 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.843281 |
| Category: | Ubuntu Local Security Checks |
| Title: | Ubuntu: Security Advisory (USN-3382-1) |
| Summary: | The remote host is missing an update for the 'php5, php7.0' package(s) announced via the USN-3382-1 advisory. |
| Description: | Summary: The remote host is missing an update for the 'php5, php7.0' package(s) announced via the USN-3382-1 advisory. Vulnerability Insight: It was discovered that the PHP opcache created keys for files it cached based on their filepath. A local attacker could possibly use this issue in a shared hosting environment to obtain sensitive information. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-8994) It was discovered that the PHP URL parser incorrectly handled certain URI components. A remote attacker could possibly use this issue to bypass hostname-specific URL checks. This issue only affected Ubuntu 14.04 LTS. (CVE-2016-10397) It was discovered that PHP incorrectly handled certain boolean parameters when unserializing data. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2017-11143) Sebastian Li, Wei Lei, Xie Xiaofei, and Liu Yang discovered that PHP incorrectly handled the OpenSSL sealing function. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2017-11144) Wei Lei and Liu Yang discovered that the PHP date extension incorrectly handled memory. A remote attacker could possibly use this issue to disclose sensitive information from the server. (CVE-2017-11145) It was discovered that PHP incorrectly handled certain PHAR archives. A remote attacker could use this issue to cause PHP to crash or disclose sensitive information. This issue only affected Ubuntu 14.04 LTS. (CVE-2017-11147) It was discovered that PHP incorrectly handled locale length. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2017-11362) Wei Lei and Liu Yang discovered that PHP incorrectly handled parsing ini files. An attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2017-11628) It was discovered that PHP mbstring incorrectly handled certain regular expressions. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229) Affected Software/OS: 'php5, php7.0' package(s) on Ubuntu 14.04, Ubuntu 16.04, Ubuntu 17.04. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-8994 http://marc.info/?l=php-internals&m=147876797317925&w=2 http://marc.info/?l=php-internals&m=147921016724565&w=2 http://openwall.com/lists/oss-security/2017/02/28/1 http://seclists.org/oss-sec/2016/q4/343 http://seclists.org/oss-sec/2017/q1/520 https://bugs.php.net/bug.php?id=69090 https://ma.ttias.be/a-better-way-to-run-php-fpm/ Common Vulnerability Exposure (CVE) ID: CVE-2016-10397 BugTraq ID: 99552 http://www.securityfocus.com/bid/99552 Common Vulnerability Exposure (CVE) ID: CVE-2017-11143 BugTraq ID: 99553 http://www.securityfocus.com/bid/99553 Debian Security Information: DSA-4081 (Google Search) https://www.debian.org/security/2018/dsa-4081 RedHat Security Advisories: RHSA-2018:1296 https://access.redhat.com/errata/RHSA-2018:1296 Common Vulnerability Exposure (CVE) ID: CVE-2017-11144 Debian Security Information: DSA-4080 (Google Search) https://www.debian.org/security/2018/dsa-4080 Common Vulnerability Exposure (CVE) ID: CVE-2017-11145 BugTraq ID: 99550 http://www.securityfocus.com/bid/99550 https://gist.github.com/anonymous/bd77ac90d3bdf31ce2a5251ad92e9e75 Common Vulnerability Exposure (CVE) ID: CVE-2017-11147 BugTraq ID: 99607 http://www.securityfocus.com/bid/99607 Common Vulnerability Exposure (CVE) ID: CVE-2017-11362 https://security.gentoo.org/glsa/201709-21 https://bugs.php.net/bug.php?id=73473 https://usn.ubuntu.com/3566-2/ Common Vulnerability Exposure (CVE) ID: CVE-2017-11628 BugTraq ID: 99489 http://www.securityfocus.com/bid/99489 http://git.php.net/?p=php-src.git;a=commit;h=05255749139b3686c8a6a58ee01131ac0047465e http://git.php.net/?p=php-src.git;a=commit;h=5f8380d33e648964d2d5140f329cf2d4c443033c https://bugs.php.net/bug.php?id=74603 Common Vulnerability Exposure (CVE) ID: CVE-2017-9224 BugTraq ID: 101244 http://www.securityfocus.com/bid/101244 Common Vulnerability Exposure (CVE) ID: CVE-2017-9226 Common Vulnerability Exposure (CVE) ID: CVE-2017-9227 BugTraq ID: 100538 http://www.securityfocus.com/bid/100538 Common Vulnerability Exposure (CVE) ID: CVE-2017-9228 Common Vulnerability Exposure (CVE) ID: CVE-2017-9229 |
| Copyright | Copyright (C) 2017 Greenbone AG |
| This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |