CVE-2015-4116 Ubuntu Security Notification for Php5, Php7.0 Vulnerabilities (USN-3045-1)漏洞银行丨0DAY BANK

2016年8月12日 2402点热度 0人点赞 0条评论

漏洞信息

It was discovered that PHP incorrectly handled certain SplMinHeap::compare operations.

It was discovered that PHP incorrectly handled recursive method calls.

It was discovered that PHP incorrectly validated certain Exception objects when unserializing data.

It was discovered that PHP header() function performed insufficient filtering for Internet Explorer.

It was discovered that PHP incorrectly handled certain locale operations.

It was discovered that the PHP php_html_entities() function incorrectly handled certain string lengths.

It was discovered that the PHP fread() function incorrectly handled certain lengths.

It was discovered that the PHP FastCGI Process Manager (FPM) SAPI incorrectly handled memory in the access logging feature.

It was discovered that PHP would not protect applications from contents of the HTTP_PROXY environment variable when based on the contents of the Proxy header from HTTP requests.

It was discovered that the PHP bzread() function incorrectly performed error handling.

It was discovered that certain PHP multibyte string functions incorrectly handled memory.

It was discovered that the PHP Mcrypt extension incorrectly handled memory.

It was discovered that the PHP garbage collector incorrectly handled certain objects when unserializing malicious data.

It was discovered that PHP incorrectly handled memory when unserializing malicious xml data.

It was discovered that the PHP php_url_parse_ex() function incorrectly handled string termination.

It was discovered that PHP incorrectly handled path lengths when extracting certain Zip archives.

It was discovered that PHP incorrectly handled session deserialization.

It was discovered that PHP incorrectly handled exif headers when processing certain JPEG images.

It was discovered that PHP incorrectly handled certain locale operations.

It was discovered that the PHP garbage collector incorrectly handled certain objects when unserializing SNMP data.

It was discovered that the PHP xmlrpc_encode_request() function incorrectly handled certain lengths.

It was discovered that the PHP php_stream_zip_opener() function incorrectly handled memory.

漏洞危害

A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-4116)

A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8873)

A remote attacker could possibly use this issue to perform a XSS attack. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8935)

An attacker could use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5093)

An attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5096)

An attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly expose sensitive information. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5114)

A remote attacker could possibly use this issue in combination with scripts that honour the HTTP_PROXY variable to redirect outgoing HTTP requests. (CVE-2016-5385)

A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-5399)

A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2016-5768)

A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue was only addressed in Ubuntu Ubuntu 14.04 LTS. (CVE-2016-5771, CVE-2016-5773)

A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6289)

A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6290)

A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6291,CVE-2016-6292,CVE-2016-6294)

A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6295)

An attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-6296,CVE-2016-6297)

解决方案

Refer to Ubuntu advisory USN-3045-1 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

USN-3045-1: 16.04 (Xenial) on src (php7.0-cli)

USN-3045-1: 14.04 (Kylin) on src (php5-cgi)

USN-3045-1: 14.04 (Kylin) on src (libapache2-mod-php5)

USN-3045-1: 12.04 (Precise) on src (php5-cli)

USN-3045-1: 12.04 (Precise) on src (php5-fpm)

USN-3045-1: 14.04 (Kylin) on src (php5-cli)

USN-3045-1: 16.04 (Xenial) on src (php7.0-cgi)

USN-3045-1: 16.04 (Xenial) on src (libapache2-mod-php7.0)

USN-3045-1: 12.04 (Precise) on src (libapache2-mod-php5)