1. Ubuntu Security Notices
  2. USN-3095-1

USN-3095-1: PHP vulnerabilities

Publication date

4 October 2016

Overview

Several security issues were fixed in PHP.

Releases

Packages

  • php5 - HTML-embedded scripting language interpreter
  • php7.0 - HTML-embedded scripting language interpreter

Details

Taoguang Chen discovered that PHP incorrectly handled certain invalid
objects when unserializing data. A remote attacker could use this issue to
cause PHP to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2016-7124)

Taoguang Chen discovered that PHP incorrectly handled invalid session
names. A remote attacker could use this issue to inject arbitrary session
data. (CVE-2016-7125)

It was discovered that PHP incorrectly handled certain gamma values in the
imagegammacorrect function. A remote attacker could use this issue to cause
PHP to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2016-7127)

It was discovered that PHP incorrectly handled certain crafted TIFF image
thumbnails. A remote attacker could use this issue to cause PHP to...

Taoguang Chen discovered that PHP incorrectly handled certain invalid
objects when unserializing data. A remote attacker could use this issue to
cause PHP to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2016-7124)

Taoguang Chen discovered that PHP incorrectly handled invalid session
names. A remote attacker could use this issue to inject arbitrary session
data. (CVE-2016-7125)

It was discovered that PHP incorrectly handled certain gamma values in the
imagegammacorrect function. A remote attacker could use this issue to cause
PHP to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2016-7127)

It was discovered that PHP incorrectly handled certain crafted TIFF image
thumbnails. A remote attacker could use this issue to cause PHP to crash,
resulting in a denial of service, or possibly expose sensitive information.
(CVE-2016-7128)

It was discovered that PHP incorrectly handled unserializing certain
wddxPacket XML documents. A remote attacker could use this issue to cause
PHP to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2016-7129, CVE-2016-7130, CVE-2016-7131,
CVE-2016-7132, CVE-2016-7413)

It was discovered that PHP incorrectly handled certain memory operations. A
remote attacker could use this issue to cause PHP to crash, resulting in a
denial of service, or possibly execute arbitrary code. This issue only
affected Ubuntu 16.04 LTS. (CVE-2016-7133)

It was discovered that PHP incorrectly handled long strings in curl_escape
calls. A remote attacker could use this issue to cause PHP to crash,
resulting in a denial of service, or possibly execute arbitrary code. This
issue only affected Ubuntu 16.04 LTS. (CVE-2016-7134)

Taoguang Chen discovered that PHP incorrectly handled certain failures when
unserializing data. A remote attacker could use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.
(CVE-2016-7411)

It was discovered that PHP incorrectly handled certain flags in the MySQL
driver. Malicious remote MySQL servers could use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2016-7412)

It was discovered that PHP incorrectly handled ZIP file signature
verification when processing a PHAR archive. A remote attacker could use
this issue to cause PHP to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2016-7414)

It was discovered that PHP incorrectly handled certain locale operations. A
remote attacker could use this issue to cause PHP to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2016-7416)

It was discovered that PHP incorrectly handled SplArray unserializing. A
remote attacker could use this issue to cause PHP to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2016-7417)

Ke Liu discovered that PHP incorrectly handled unserializing wddxPacket XML
documents with incorrect boolean elements. A remote attacker could use this
issue to cause PHP to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2016-7418)

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
16.04 xenial libapache2-mod-php7.0 –  7.0.8-0ubuntu0.16.04.3
php7.0-cgi –  7.0.8-0ubuntu0.16.04.3
php7.0-cli –  7.0.8-0ubuntu0.16.04.3
php7.0-curl –  7.0.8-0ubuntu0.16.04.3
php7.0-fpm –  7.0.8-0ubuntu0.16.04.3
php7.0-gd –  7.0.8-0ubuntu0.16.04.3
php7.0-mysql –  7.0.8-0ubuntu0.16.04.3
14.04 trusty libapache2-mod-php5 –  5.5.9+dfsg-1ubuntu4.20
php5-cgi –  5.5.9+dfsg-1ubuntu4.20
php5-cli –  5.5.9+dfsg-1ubuntu4.20
php5-curl –  5.5.9+dfsg-1ubuntu4.20
php5-fpm –  5.5.9+dfsg-1ubuntu4.20
php5-gd –  5.5.9+dfsg-1ubuntu4.20
php5-mysqlnd –  5.5.9+dfsg-1ubuntu4.20
12.04 precise libapache2-mod-php5 –  5.3.10-1ubuntu3.25
php5-cgi –  5.3.10-1ubuntu3.25
php5-cli –  5.3.10-1ubuntu3.25
php5-curl –  5.3.10-1ubuntu3.25
php5-fpm –  5.3.10-1ubuntu3.25
php5-gd –  5.3.10-1ubuntu3.25
php5-mysqlnd –  5.3.10-1ubuntu3.25

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›