USN-7049-3: PHP vulnerabilities

Packages

php5 - HTML-embedded scripting language interpreter

Details

USN-7049-1 fixed vulnerabilities in PHP. This update
provides the corresponding updates for Ubuntu 14.04 LTS.

Original advisory details:

It was discovered that PHP incorrectly handled parsing multipart form
data.A remote attacker could possibly use this issue to inject payloads
and cause PHP to ignore legitimate data. (CVE-2024-8925)

It was discovered that PHP incorrectly handled the cgi.force_redirect
configuration option due to environment variable collisions. In certain
configurations, an attacker could possibly use this issue bypass
force_redirect restrictions. (CVE-2024-8927)

USN-7049-1 fixed vulnerabilities in PHP. This update
provides the corresponding updates for Ubuntu 14.04 LTS.

Original advisory details:

It was discovered that PHP incorrectly handled parsing multipart form
data.A remote attacker could possibly use this issue to inject payloads
and cause PHP to ignore legitimate data. (CVE-2024-8925)

It was discovered that PHP incorrectly handled the cgi.force_redirect
configuration option due to environment variable collisions. In certain
configurations, an attacker could possibly use this issue bypass
force_redirect restrictions. (CVE-2024-8927)

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

Ubuntu Release	Package Version
14.04 trusty	libapache2-mod-php5 – 5.5.9+dfsg-1ubuntu4.29+esm16
	php5 – 5.5.9+dfsg-1ubuntu4.29+esm16
	php5-cgi – 5.5.9+dfsg-1ubuntu4.29+esm16
	php5-cli – 5.5.9+dfsg-1ubuntu4.29+esm16
	php5-fpm – 5.5.9+dfsg-1ubuntu4.29+esm16

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

Packages

Details

Update instructions

Reduce your security exposure

References

Related notices