UBUNTU-CVE-2016-9138

Source
https://ubuntu.com/security/CVE-2016-9138
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-9138.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2016-9138
Related
Published
2017-01-04T20:59:00Z
Modified
2024-12-18T16:40:54Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data, as demonstrated by Exception::toString with DateInterval::__wakeup.

References

Affected packages

Ubuntu:Pro:14.04:LTS / php5

Package

Name
php5
Purl
pkg:deb/ubuntu/php5?arch=src?distro=esm-infra-legacy/trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.5.3+dfsg-1ubuntu2
5.5.3+dfsg-1ubuntu3
5.5.6+dfsg-1ubuntu1
5.5.6+dfsg-1ubuntu2
5.5.8+dfsg-2ubuntu1
5.5.9+dfsg-1ubuntu1
5.5.9+dfsg-1ubuntu2
5.5.9+dfsg-1ubuntu3
5.5.9+dfsg-1ubuntu4
5.5.9+dfsg-1ubuntu4.1
5.5.9+dfsg-1ubuntu4.2
5.5.9+dfsg-1ubuntu4.3
5.5.9+dfsg-1ubuntu4.4
5.5.9+dfsg-1ubuntu4.5
5.5.9+dfsg-1ubuntu4.6
5.5.9+dfsg-1ubuntu4.7
5.5.9+dfsg-1ubuntu4.9
5.5.9+dfsg-1ubuntu4.11
5.5.9+dfsg-1ubuntu4.12
5.5.9+dfsg-1ubuntu4.13
5.5.9+dfsg-1ubuntu4.14
5.5.9+dfsg-1ubuntu4.16
5.5.9+dfsg-1ubuntu4.17
5.5.9+dfsg-1ubuntu4.19
5.5.9+dfsg-1ubuntu4.20
5.5.9+dfsg-1ubuntu4.21
5.5.9+dfsg-1ubuntu4.22
5.5.9+dfsg-1ubuntu4.23
5.5.9+dfsg-1ubuntu4.24
5.5.9+dfsg-1ubuntu4.25
5.5.9+dfsg-1ubuntu4.26
5.5.9+dfsg-1ubuntu4.27
5.5.9+dfsg-1ubuntu4.29
5.5.9+dfsg-1ubuntu4.29+esm5
5.5.9+dfsg-1ubuntu4.29+esm6
5.5.9+dfsg-1ubuntu4.29+esm8
5.5.9+dfsg-1ubuntu4.29+esm10
5.5.9+dfsg-1ubuntu4.29+esm11
5.5.9+dfsg-1ubuntu4.29+esm12
5.5.9+dfsg-1ubuntu4.29+esm13
5.5.9+dfsg-1ubuntu4.29+esm14
5.5.9+dfsg-1ubuntu4.29+esm15

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:Pro:16.04:LTS / php7.0

Package

Name
php7.0
Purl
pkg:deb/ubuntu/php7.0?arch=src?distro=esm-infra/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

7.*

7.0.1-5
7.0.1-6
7.0.2-1
7.0.2-3
7.0.2-4
7.0.2-5
7.0.3-2
7.0.3-3
7.0.3-9ubuntu1
7.0.4-5ubuntu1
7.0.4-5ubuntu2
7.0.4-7ubuntu1
7.0.4-7ubuntu2
7.0.4-7ubuntu2.1
7.0.8-0ubuntu0.16.04.1
7.0.8-0ubuntu0.16.04.2
7.0.8-0ubuntu0.16.04.3
7.0.13-0ubuntu0.16.04.1
7.0.15-0ubuntu0.16.04.1
7.0.15-0ubuntu0.16.04.2
7.0.15-0ubuntu0.16.04.4
7.0.18-0ubuntu0.16.04.1
7.0.22-0ubuntu0.16.04.1
7.0.25-0ubuntu0.16.04.1
7.0.28-0ubuntu0.16.04.1
7.0.30-0ubuntu0.16.04.1
7.0.32-0ubuntu0.16.04.1
7.0.33-0ubuntu0.16.04.1
7.0.33-0ubuntu0.16.04.2
7.0.33-0ubuntu0.16.04.3
7.0.33-0ubuntu0.16.04.4
7.0.33-0ubuntu0.16.04.5
7.0.33-0ubuntu0.16.04.6
7.0.33-0ubuntu0.16.04.7
7.0.33-0ubuntu0.16.04.9
7.0.33-0ubuntu0.16.04.11
7.0.33-0ubuntu0.16.04.12
7.0.33-0ubuntu0.16.04.14
7.0.33-0ubuntu0.16.04.15
7.0.33-0ubuntu0.16.04.16
7.0.33-0ubuntu0.16.04.16+esm1
7.0.33-0ubuntu0.16.04.16+esm2
7.0.33-0ubuntu0.16.04.16+esm3
7.0.33-0ubuntu0.16.04.16+esm4
7.0.33-0ubuntu0.16.04.16+esm5
7.0.33-0ubuntu0.16.04.16+esm6
7.0.33-0ubuntu0.16.04.16+esm7
7.0.33-0ubuntu0.16.04.16+esm8
7.0.33-0ubuntu0.16.04.16+esm9
7.0.33-0ubuntu0.16.04.16+esm10
7.0.33-0ubuntu0.16.04.16+esm11
7.0.33-0ubuntu0.16.04.16+esm12
7.0.33-0ubuntu0.16.04.16+esm13

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:Pro:18.04:LTS / php7.2

Package

Name
php7.2
Purl
pkg:deb/ubuntu/php7.2?arch=src?distro=esm-infra/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

7.*

7.2.1-1ubuntu2
7.2.2-1ubuntu1
7.2.2-1ubuntu2
7.2.3-1ubuntu1
7.2.5-0ubuntu0.18.04.1
7.2.7-0ubuntu0.18.04.1
7.2.7-0ubuntu0.18.04.2
7.2.10-0ubuntu0.18.04.1
7.2.15-0ubuntu0.18.04.1
7.2.15-0ubuntu0.18.04.2
7.2.17-0ubuntu0.18.04.1
7.2.19-0ubuntu0.18.04.1
7.2.19-0ubuntu0.18.04.2
7.2.24-0ubuntu0.18.04.1
7.2.24-0ubuntu0.18.04.2
7.2.24-0ubuntu0.18.04.3
7.2.24-0ubuntu0.18.04.4
7.2.24-0ubuntu0.18.04.6
7.2.24-0ubuntu0.18.04.7
7.2.24-0ubuntu0.18.04.8
7.2.24-0ubuntu0.18.04.9
7.2.24-0ubuntu0.18.04.10
7.2.24-0ubuntu0.18.04.11
7.2.24-0ubuntu0.18.04.12
7.2.24-0ubuntu0.18.04.13
7.2.24-0ubuntu0.18.04.15
7.2.24-0ubuntu0.18.04.16
7.2.24-0ubuntu0.18.04.17
7.2.24-0ubuntu0.18.04.17+esm1
7.2.24-0ubuntu0.18.04.17+esm2
7.2.24-0ubuntu0.18.04.17+esm3
7.2.24-0ubuntu0.18.04.17+esm4
7.2.24-0ubuntu0.18.04.17+esm5
7.2.24-0ubuntu0.18.04.17+esm6
7.2.24-0ubuntu0.18.04.17+esm7

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:20.04:LTS / php7.4

Package

Name
php7.4
Purl
pkg:deb/ubuntu/php7.4?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

7.*

7.4.3-4build1
7.4.3-4build2
7.4.3-4ubuntu1
7.4.3-4ubuntu1.1
7.4.3-4ubuntu2.2
7.4.3-4ubuntu2.4
7.4.3-4ubuntu2.5
7.4.3-4ubuntu2.6
7.4.3-4ubuntu2.7
7.4.3-4ubuntu2.8
7.4.3-4ubuntu2.9
7.4.3-4ubuntu2.10
7.4.3-4ubuntu2.11
7.4.3-4ubuntu2.12
7.4.3-4ubuntu2.13
7.4.3-4ubuntu2.15
7.4.3-4ubuntu2.16
7.4.3-4ubuntu2.17
7.4.3-4ubuntu2.18
7.4.3-4ubuntu2.19
7.4.3-4ubuntu2.20
7.4.3-4ubuntu2.22
7.4.3-4ubuntu2.23
7.4.3-4ubuntu2.24
7.4.3-4ubuntu2.26
7.4.3-4ubuntu2.28

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:22.04:LTS / php8.1

Package

Name
php8.1
Purl
pkg:deb/ubuntu/php8.1?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

8.*

8.1.0~rc4-1ubuntu2
8.1.0-1
8.1.2-1ubuntu1
8.1.2-1ubuntu2
8.1.2-1ubuntu2.1
8.1.2-1ubuntu2.2
8.1.2-1ubuntu2.3
8.1.2-1ubuntu2.4
8.1.2-1ubuntu2.5
8.1.2-1ubuntu2.6
8.1.2-1ubuntu2.8
8.1.2-1ubuntu2.9
8.1.2-1ubuntu2.10
8.1.2-1ubuntu2.11
8.1.2-1ubuntu2.13
8.1.2-1ubuntu2.14
8.1.2-1ubuntu2.15
8.1.2-1ubuntu2.17
8.1.2-1ubuntu2.18
8.1.2-1ubuntu2.19
8.1.2-1ubuntu2.20

Ecosystem specific

{
    "ubuntu_priority": "low"
}