According to the recent Ubuntu Security Notice php5 could be made to crash or run arbitrary code if it received specially crafted network traffic.
“Summary -php5 could be made to crash or run programs if it received specially crafted network traffic.” states the advisory.
The Security Notice was issued by for the first time by the vendor on 9th September, 2014 and it was coded as USN-2344-1.
According to Ubuntu, the security flaw affects the following releases and its derivatives:
According to security notice, the Fileinfo component in php5 contains is affected by an integer overflow that could be exploited by a bad actor to cause a denial of service or to execute arbitrary code via a crafted CDF file. (CVE-2014-3587). The advisory also reports that the php_parserr function contains multiple buffer overflows that could be exploited by an attacker to cause a denial of service or to execute arbitrary code via crafted DNS records. (CVE-2014-3597)
The vulnerabilities have been already fixed and it correct the problem is it necessary to update user’s system to the following package version:
Be aware, once updated the system it is necessary to restart Apache or php5-fpm to make effective the changes.
(Security Affairs – Ubuntu, php)
Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November…
A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute…
The Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned four Iranian nationals for their…
A cyber attack on Leicester City Council resulted in certain street lights remaining illuminated all…
The National Police Agency in South Korea warns that North Korea-linked threat actors are targeting…
The U.S. Department of State imposed visa restrictions on 13 individuals allegedly linked to the…
This website uses cookies.