USN-2984-1

Source
https://ubuntu.com/security/notices/USN-2984-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2984-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-2984-1
Related
Published
2016-05-24T17:31:16.121794Z
Modified
2016-05-24T17:31:16.121794Z
Summary
php5, php7.0 vulnerabilities
Details

It was discovered that the PHP Fileinfo component incorrectly handled certain magic files. An attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2015-8865)

Hans Jerry Illikainen discovered that the PHP Zip extension incorrectly handled certain malformed Zip archives. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-3078)

It was discovered that PHP incorrectly handled invalid indexes in the SplDoublyLinkedList class. An attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-3132)

It was discovered that the PHP rawurlencode() function incorrectly handled large strings. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-4070)

It was discovered that the PHP phpsnmperror() function incorrectly handled string formatting. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-4071)

It was discovered that the PHP phar extension incorrectly handled certain filenames in archives. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-4072)

It was discovered that the PHP mb_strcut() function incorrectly handled string formatting. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-4073)

It was discovered that the PHP phar extension incorrectly handled certain archive files. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2016-4342, CVE-2016-4343)

It was discovered that the PHP bcpowmod() function incorrectly handled memory. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-4537, CVE-2016-4538)

It was discovered that the PHP XML parser incorrectly handled certain malformed XML data. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-4539)

It was discovered that certain PHP grapheme functions incorrectly handled negative offsets. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-4540, CVE-2016-4541)

It was discovered that PHP incorrectly handled certain malformed EXIF tags. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-4542, CVE-2016-4543, CVE-2016-4544)

References

Affected packages

Ubuntu:14.04:LTS / php5

Package

Name
php5
Purl
pkg:deb/ubuntu/php5?arch=src?distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.5.9+dfsg-1ubuntu4.17

Affected versions

5.*

5.5.3+dfsg-1ubuntu2
5.5.3+dfsg-1ubuntu3
5.5.6+dfsg-1ubuntu1
5.5.6+dfsg-1ubuntu2
5.5.8+dfsg-2ubuntu1
5.5.9+dfsg-1ubuntu1
5.5.9+dfsg-1ubuntu2
5.5.9+dfsg-1ubuntu3
5.5.9+dfsg-1ubuntu4
5.5.9+dfsg-1ubuntu4.1
5.5.9+dfsg-1ubuntu4.2
5.5.9+dfsg-1ubuntu4.3
5.5.9+dfsg-1ubuntu4.4
5.5.9+dfsg-1ubuntu4.5
5.5.9+dfsg-1ubuntu4.6
5.5.9+dfsg-1ubuntu4.7
5.5.9+dfsg-1ubuntu4.9
5.5.9+dfsg-1ubuntu4.11
5.5.9+dfsg-1ubuntu4.12
5.5.9+dfsg-1ubuntu4.13
5.5.9+dfsg-1ubuntu4.14
5.5.9+dfsg-1ubuntu4.16

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.17",
            "binary_name": "libapache2-mod-php5"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.17",
            "binary_name": "libapache2-mod-php5-dbgsym"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.17",
            "binary_name": "libapache2-mod-php5filter"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.17",
            "binary_name": "libapache2-mod-php5filter-dbgsym"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.17",
            "binary_name": "libphp5-embed"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.17",
            "binary_name": "libphp5-embed-dbgsym"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.17",
            "binary_name": "php-pear"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.17",
            "binary_name": "php5"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.17",
            "binary_name": "php5-cgi"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.17",
            "binary_name": "php5-cgi-dbgsym"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.17",
            "binary_name": "php5-cli"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.17",
            "binary_name": "php5-cli-dbgsym"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.17",
            "binary_name": "php5-common"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.17",
            "binary_name": "php5-common-dbgsym"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.17",
            "binary_name": "php5-curl"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.17",
            "binary_name": "php5-curl-dbgsym"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.17",
            "binary_name": "php5-dbg"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.17",
            "binary_name": "php5-dev"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.17",
            "binary_name": "php5-dev-dbgsym"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.17",
            "binary_name": "php5-enchant"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.17",
            "binary_name": "php5-enchant-dbgsym"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.17",
            "binary_name": "php5-fpm"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.17",
            "binary_name": "php5-fpm-dbgsym"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.17",
            "binary_name": "php5-gd"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.17",
            "binary_name": "php5-gd-dbgsym"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.17",
            "binary_name": "php5-gmp"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.17",
            "binary_name": "php5-gmp-dbgsym"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.17",
            "binary_name": "php5-intl"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.17",
            "binary_name": "php5-intl-dbgsym"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.17",
            "binary_name": "php5-ldap"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.17",
            "binary_name": "php5-ldap-dbgsym"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.17",
            "binary_name": "php5-mysql"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.17",
            "binary_name": "php5-mysql-dbgsym"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.17",
            "binary_name": "php5-mysqlnd"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.17",
            "binary_name": "php5-mysqlnd-dbgsym"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.17",
            "binary_name": "php5-odbc"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.17",
            "binary_name": "php5-odbc-dbgsym"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.17",
            "binary_name": "php5-pgsql"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.17",
            "binary_name": "php5-pgsql-dbgsym"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.17",
            "binary_name": "php5-pspell"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.17",
            "binary_name": "php5-pspell-dbgsym"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.17",
            "binary_name": "php5-readline"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.17",
            "binary_name": "php5-readline-dbgsym"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.17",
            "binary_name": "php5-recode"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.17",
            "binary_name": "php5-recode-dbgsym"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.17",
            "binary_name": "php5-snmp"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.17",
            "binary_name": "php5-snmp-dbgsym"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.17",
            "binary_name": "php5-sqlite"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.17",
            "binary_name": "php5-sqlite-dbgsym"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.17",
            "binary_name": "php5-sybase"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.17",
            "binary_name": "php5-sybase-dbgsym"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.17",
            "binary_name": "php5-tidy"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.17",
            "binary_name": "php5-tidy-dbgsym"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.17",
            "binary_name": "php5-xmlrpc"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.17",
            "binary_name": "php5-xmlrpc-dbgsym"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.17",
            "binary_name": "php5-xsl"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.17",
            "binary_name": "php5-xsl-dbgsym"
        }
    ]
}

Ubuntu:16.04:LTS / php7.0

Package

Name
php7.0
Purl
pkg:deb/ubuntu/php7.0?arch=src?distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.0.4-7ubuntu2.1

Affected versions

7.*

7.0.1-5
7.0.1-6
7.0.2-1
7.0.2-3
7.0.2-4
7.0.2-5
7.0.3-2
7.0.3-3
7.0.3-9ubuntu1
7.0.4-5ubuntu1
7.0.4-5ubuntu2
7.0.4-7ubuntu1
7.0.4-7ubuntu2

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "libapache2-mod-php7.0"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "libapache2-mod-php7.0-dbgsym"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "libphp7.0-embed"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "libphp7.0-embed-dbgsym"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-bcmath"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-bcmath-dbgsym"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-bz2"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-bz2-dbgsym"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-cgi"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-cgi-dbgsym"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-cli"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-cli-dbgsym"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-common"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-common-dbgsym"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-curl"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-curl-dbgsym"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-dev"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-enchant"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-enchant-dbgsym"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-fpm"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-fpm-dbgsym"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-gd"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-gd-dbgsym"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-gmp"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-gmp-dbgsym"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-imap"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-imap-dbgsym"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-interbase"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-interbase-dbgsym"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-intl"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-intl-dbgsym"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-json"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-json-dbgsym"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-ldap"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-ldap-dbgsym"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-mbstring"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-mbstring-dbgsym"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-mcrypt"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-mcrypt-dbgsym"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-mysql"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-mysql-dbgsym"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-odbc"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-odbc-dbgsym"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-opcache"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-opcache-dbgsym"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-pgsql"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-pgsql-dbgsym"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-phpdbg"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-phpdbg-dbgsym"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-pspell"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-pspell-dbgsym"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-readline"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-readline-dbgsym"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-recode"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-recode-dbgsym"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-snmp"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-snmp-dbgsym"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-soap"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-soap-dbgsym"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-sqlite3"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-sqlite3-dbgsym"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-sybase"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-sybase-dbgsym"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-tidy"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-tidy-dbgsym"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-xml"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-xml-dbgsym"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-xmlrpc"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-xmlrpc-dbgsym"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-xsl"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-zip"
        },
        {
            "binary_version": "7.0.4-7ubuntu2.1",
            "binary_name": "php7.0-zip-dbgsym"
        }
    ]
}