Ubuntu Update For Php5 USN-2126-1 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Bernd Melchers discovered that PHP's embedded libmagic library incorrectly handled indirect offset values. An attacker could use this issue to cause PHP to consume resources or crash, resulting in a denial of service. (CVE-2014-1943) It was discovered that PHP incorrectly handled certain values when using the imagecrop function. An attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service, obtain sensitive information, or possibly execute arbitrary code. This issue only affected Ubuntu 13.10. (CVE-2013-7226, CVE-2013-7327, CVE-2013-7328, CVE-2014-2020)

Affected

php5 on Ubuntu 13.10 , Ubuntu 12.10 , Ubuntu 12.04 LTS , Ubuntu 10.04 LTS

Severity

Classification

CVE CVE-2013-7226, CVE-2013-7327, CVE-2013-7328, CVE-2014-1943, CVE-2014-2020

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Ubuntu Update for bind9 USN-1163-1
Ubuntu Update for cinder USN-2005-1
Ubuntu Update for cups USN-2144-1
Ubuntu Update for aptdaemon vulnerability USN-1068-1
Ubuntu Update for boost1.49 USN-1727-1

Ubuntu Update for php5 USN-2126-1

Take action and discover your vulnerabilities