USN-2758-1: PHP vulnerabilities

Ubuntu Security Notice USN-2758-1

30th September, 2015

php5 vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.04
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in PHP.

Software description

  • php5
    – HTML-embedded scripting language interpreter

Details

It was discovered that the PHP phar extension incorrectly handled certain
files. A remote attacker could use this issue to cause PHP to crash,
resulting in a denial of service. (CVE-2015-5589)

It was discovered that the PHP phar extension incorrectly handled certain
filepaths. A remote attacker could use this issue to cause PHP to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2015-5590)

Taoguang Chen discovered that PHP incorrectly handled unserializing
objects. A remote attacker could use this issue to cause PHP to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2015-6831, CVE-2015-6834, CVE-2015-6835)

Sean Heelan discovered that PHP incorrectly handled unserializing
objects. A remote attacker could use this issue to cause PHP to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2015-6832)

It was discovered that the PHP phar extension incorrectly handled certain
archives. A remote attacker could use this issue to cause files to be
placed outside of the destination directory. (CVE-2015-6833)

Andrea Palazzo discovered that the PHP Soap client incorrectly validated
data types. A remote attacker could use this issue to cause PHP to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2015-6836)

It was discovered that the PHP XSLTProcessor class incorrectly handled
certain data. A remote attacker could use this issue to cause PHP to crash,
resulting in a denial of service. (CVE-2015-6837)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.04:

  • php5-cli 5.6.4+dfsg-4ubuntu6.3
  • php5-cgi 5.6.4+dfsg-4ubuntu6.3
  • libapache2-mod-php5 5.6.4+dfsg-4ubuntu6.3
  • php5-fpm 5.6.4+dfsg-4ubuntu6.3

Ubuntu 14.04 LTS:

  • php5-cli 5.5.9+dfsg-1ubuntu4.13
  • php5-cgi 5.5.9+dfsg-1ubuntu4.13
  • libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.13
  • php5-fpm 5.5.9+dfsg-1ubuntu4.13

Ubuntu 12.04 LTS:

  • php5-cli 5.3.10-1ubuntu3.20
  • php5-cgi 5.3.10-1ubuntu3.20
  • libapache2-mod-php5 5.3.10-1ubuntu3.20
  • php5-fpm 5.3.10-1ubuntu3.20

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2015-5589, CVE-2015-5590, CVE-2015-6831, CVE-2015-6832, CVE-2015-6833,
CVE-2015-6834, CVE-2015-6835, CVE-2015-6836, CVE-2015-6837, CVE-2015-6838

Apple Releases Security Updates for OS X El Capitan, Safari, and iOS

Original release date: September 30, 2015

Apple has released security updates for OS X El Capitan, Safari, and iOS to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow an attacker to run arbitrary code.

Available updates include:

  • OS X El Capitan 10.11 for Mac OS X v10.6.8 and later
  • Safari 9 for OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11
  • iOS 9.0.2 for iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

US-CERT encourages users and administrators to review Apple security updates for OS X El Capitan, Safari, and iOS and apply the necessary updates.



CVE-2015-1528

Integer overflow in the native_handle_create function in libcutils/native_handle.c in Android before 5.1.1 LMY48M allows attackers to obtain a different application’s privileges or cause a denial of service (Binder heap memory corruption) via a crafted application, aka internal bug 19334482.

CVE-2015-1536

Integer overflow in the Bitmap_createFromParcel function in core/jni/android/graphics/Bitmap.cpp in Android before 5.1.1 LMY48I allows attackers to cause a denial of service (system_server crash) or obtain sensitive system_server memory-content information via a crafted application that leverages improper unmarshalling of bitmaps, aka internal bug 19666945.

CVE-2015-1538

Integer overflow in the SampleTable::setSampleToChunkParams function in SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code via crafted atoms in MP4 data that trigger an unchecked multiplication, aka internal bug 20139950, a related issue to CVE-2015-4496.

CVE-2015-1539

Multiple integer underflows in the ESDS::parseESDescriptor function in ESDS.cpp in libstagefright in Android before 5.1.1 LMY48I allow remote attackers to execute arbitrary code via crafted ESDS atoms, aka internal bug 20139950, a related issue to CVE-2015-4493.

CVE-2015-1541

The AppWidgetServiceImpl implementation in com/android/server/appwidget/AppWidgetServiceImpl.java in the Settings application in Android before 5.1.1 LMY48I allows attackers to obtain a URI permission via an application that sends an Intent with a (1) FLAG_GRANT_READ_URI_PERMISSION or (2) FLAG_GRANT_WRITE_URI_PERMISSION flag, as demonstrated by bypassing intended restrictions on reading contacts, aka internal bug 19618745.