OVAL Reference oval:org.mitre.oval:def:28073 - CERT Civis.Net
Oval Definition: oval:org.mitre.oval:def:28073
Revision Date: 2015-03-09
Version: 5
Title: USN-2391-1 -- php5 vulnerabilities
Description:

Symeon Paraschoudis discovered that PHP incorrectly handled the mkgmtime function. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2014-3668)

Symeon Paraschoudis discovered that PHP incorrectly handled unserializing objects. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2014-3669)

Otto Ebeling discovered that PHP incorrectly handled the exif_thumbnail function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-3670)

Francisco Alonso discovered that PHP incorrectly handled ELF files in the fileinfo extension. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2014-3710)

It was discovered that PHP incorrectly handled NULL bytes when processing certain URLs with the curl functions. A remote attacker could possibly use this issue to bypass filename restrictions and obtain access to sensitive files. (No CVE number)
Family: unix
Class: patch
Status: ACCEPTED
Reference(s): CVE-2014-3668
CVE-2014-3669
CVE-2014-3670
CVE-2014-3710
USN-2391-1
Platform(s): Ubuntu 10.04
Ubuntu 12.04
Ubuntu 14.04
Ubuntu 14.10
Product(s): php5
Definition Synopsis
  • Ubuntu 14.10 release section
    • Ubuntu 14.10 is installed
    • AND Packages match section
      • php5-cli is earlier than 0:5.5.12+dfsg-2ubuntu4.1
      • OR php5-cgi is earlier than 0:5.5.12+dfsg-2ubuntu4.1
      • OR php5-xmlrpc is earlier than 0:5.5.12+dfsg-2ubuntu4.1
      • OR php5-curl is earlier than 0:5.5.12+dfsg-2ubuntu4.1
      • OR libapache2-mod-php5 is earlier than 0:5.5.12+dfsg-2ubuntu4.1
      • OR php5-fpm is earlier than 0:5.5.12+dfsg-2ubuntu4.1
  • Ubuntu 14.04 release section
    • Ubuntu 14.04 is installed
    • AND Packages match section
      • php5-cli is earlier than 0:5.5.9+dfsg-1ubuntu4.5
      • OR php5-cgi is earlier than 0:5.5.9+dfsg-1ubuntu4.5
      • OR php5-xmlrpc is earlier than 0:5.5.9+dfsg-1ubuntu4.5
      • OR php5-curl is earlier than 0:5.5.9+dfsg-1ubuntu4.5
      • OR libapache2-mod-php5 is earlier than 0:5.5.9+dfsg-1ubuntu4.5
      • OR php5-fpm is earlier than 0:5.5.9+dfsg-1ubuntu4.5
  • Ubuntu 12.04 release section
    • Ubuntu 12.04 is installed
    • AND Packages match section
      • php5-cli is earlier than 0:5.3.10-1ubuntu3.15
      • OR php5-cgi is earlier than 0:5.3.10-1ubuntu3.15
      • OR php5-xmlrpc is earlier than 0:5.3.10-1ubuntu3.15
      • OR php5-curl is earlier than 0:5.3.10-1ubuntu3.15
      • OR libapache2-mod-php5 is earlier than 0:5.3.10-1ubuntu3.15
      • OR php5-fpm is earlier than 0:5.3.10-1ubuntu3.15
  • Ubuntu 10.04 release section
    • Ubuntu 10.04 is installed
    • AND Packages match section
      • php5-cli is earlier than 0:5.3.2-1ubuntu4.28
      • OR php5-cgi is earlier than 0:5.3.2-1ubuntu4.28
      • OR libapache2-mod-php5 is earlier than 0:5.3.2-1ubuntu4.28
      • OR php5-curl is earlier than 0:5.3.2-1ubuntu4.28
      • OR php5-xmlrpc is earlier than 0:5.3.2-1ubuntu4.28