Ubuntu USN-824-1 (php5) Network Vulnerability

Summary

The remote host is missing an update to php5 announced via advisory USN-824-1.

Solution

The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: php5-cgi 5.1.2-1ubuntu3.15 php5-cli 5.1.2-1ubuntu3.15 Ubuntu 8.04 LTS: php5-cgi 5.2.4-2ubuntu5.7 php5-cli 5.2.4-2ubuntu5.7 Ubuntu 8.10: php5-cgi 5.2.6-2ubuntu4.3 php5-cli 5.2.6-2ubuntu4.3 Ubuntu 9.04: php5-cgi 5.2.6.dfsg.1-3ubuntu4.2 php5-cli 5.2.6.dfsg.1-3ubuntu4.2 In general, a standard system upgrade is sufficient to effect the necessary changes. https://secure1.securityspace.com/smysecure/catid.html?in=USN-824-1

Insight

It was discovered that PHP did not properly handle certain malformed JPEG images when being parsed by the Exif module. A remote attacker could exploit this flaw and cause the PHP server to crash, resulting in a denial of service.

Severity

Classification

CVE CVE-2009-2687

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Ubuntu Update for cpio USN-2456-1
Ubuntu Update for apache2 vulnerability USN-990-2
Ubuntu Update for apache2 vulnerabilities USN-908-1
Ubuntu Update for bind9 USN-1163-1
Ubuntu Update for cinder USN-2248-1

Take action and discover your vulnerabilities