Ubuntu Update For Php5 USN-1569-1 Network Vulnerability

Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1569-1

Solution

Please Install the Updated Packages.

Insight

It was discovered that PHP incorrectly handled certain character sequences when applying HTTP response-splitting protection. A remote attacker could create a specially-crafted URL and inject arbitrary headers. (CVE-2011-1398, CVE-2012-4388) It was discovered that PHP incorrectly handled directories with a large number of files. This could allow a remote attacker to execute arbitrary code with the privileges of the web server, or to perform a denial of service. (CVE-2012-2688) It was discovered that PHP incorrectly parsed certain PDO prepared statements. A remote attacker could use this flaw to cause PHP to crash, leading to a denial of service. (CVE-2012-3450)

Affected

php5 on Ubuntu 12.04 LTS , Ubuntu 11.10 , Ubuntu 11.04 , Ubuntu 10.04 LTS , Ubuntu 8.04 LTS

References

https://lists.ubuntu.com/archives/ubuntu-security-announce/2012-September/001826.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-1398, CVE-2012-2688, CVE-2012-3450, CVE-2012-4388

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Ubuntu Update for php5 USN-1569-1

Take action and discover your vulnerabilities