Ubuntu Update For Php5 USN-2344-1 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

It was discovered that the Fileinfo component in php5 contains an integer overflow. An attacker could use this flaw to cause a denial of service or possibly execute arbitrary code via a crafted CDF file. (CVE-2014-3587) It was discovered that the php_parserr function contains multiple buffer overflows. An attacker could use this flaw to cause a denial of service or possibly execute arbitrary code via crafted DNS records. (CVE-2014-3597)

Affected

php5 on Ubuntu 14.04 LTS , Ubuntu 12.04 LTS , Ubuntu 10.04 LTS

References

https://lists.ubuntu.com/archives/ubuntu-security-announce/2014-September/002657.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-3587, CVE-2014-3597

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Ubuntu Update for apt USN-2246-1
Ubuntu Update for colord USN-1289-1
Ubuntu Update for cups USN-1207-1
Ubuntu Update for curl USN-2048-2
Ubuntu Update for apache2 vulnerabilities USN-908-1

Ubuntu Update for php5 USN-2344-1

Take action and discover your vulnerabilities