ESB-2018.1868 - [Debian] php5: Multiple vulnerabilities 2018-06-27


===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.1868
                       php5 update reaches Debian 8
                               27 June 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           php5
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
Impact/Access:     Denial of Service        -- Remote/Unauthenticated      
                   Cross-site Scripting     -- Remote with User Interaction
                   Access Confidential Data -- Existing Account            
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-10549 CVE-2018-10548 CVE-2018-10547
                   CVE-2018-10546 CVE-2018-10545 CVE-2018-7584
                   CVE-2018-5712  

Reference:         ASB-2018.0070
                   ESB-2018.1434
                   ESB-2018.0941
                   ESB-2018.0433

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html

--------------------------BEGIN INCLUDED TEXT--------------------

Package        : php5
Version        : 5.6.36+dfsg-0+deb8u1
CVE ID         : CVE-2018-7584 CVE-2018-10545 CVE-2018-10546 CVE-2018-10547
                 CVE-2018-10548 CVE-2018-10549

Several vulnerabilities were found in PHP, a widely-used open source
general purpose scripting language:

CVE-2018-7584

A stack-buffer-overflow while parsing HTTP response results in copying a
large string and possible memory corruption and/or denial of service

CVE-2018-10545

Dumpable FPM child processes allow bypassing opcache access controls
resulting in potential information disclosure where one user can obtain
information about another user's running PHP applications

CVE-2018-10546

An invalid sequence of bytes can trigger an infinite loop in the stream
filter convert.iconv

CVE-2018-10547

A previous fix for CVE-2018-5712 may not be complete, resulting in an
additional vulnerability in the form of a reflected XSS in the PHAR 403
and 404 error pages

CVE-2018-10548

A malicious remote LDAP server can send a crafted response that will
cause a denial of service (NULL pointer dereference resulting in an
application crash)

CVE-2018-10549

A crafted JPEG file can cause an out-of-bounds read and heap buffer
overflow

For Debian 8 "Jessie", these problems have been fixed in version
5.6.36+dfsg-0+deb8u1.

We recommend that you upgrade your php5 packages.
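
An added check, not part of the Debian or AusCERT bulletin, for confirming that the upgrade actually landed on a Debian 8 host: it re-implements dpkg's version ordering in Python and flags php5 binary packages whose installed version is still below the fixed version 5.6.36+dfsg-0+deb8u1 named above. The dpkg-query output it parses is a constructed sample, and the ~bpo8 line is invented to show why a plain string comparison is not good enough.

```python
# Added example, not from the Debian or AusCERT bulletin: re-implements dpkg's
# version ordering to flag php5 packages still below the advisory's fixed version.
FIXED_VERSION = "5.6.36+dfsg-0+deb8u1"  # fixed version for Debian 8 "Jessie", per the advisory

def _order(c):
    # dpkg character weight: digits 0, letters ASCII, '~' before the empty string, punctuation last.
    return (0 if c.isdigit() else ord(c) if c.isalpha()
            else -1 if c == "~" else ord(c) + 256 if c else 0)

def _verrevcmp(a, b):
    # Compare two version fragments as alternating non-digit and digit runs.
    ch = lambda s, k: s[k] if k < len(s) else ""   # "" past the end, like NUL
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        while (ch(a, i) and not ch(a, i).isdigit()) or (ch(b, j) and not ch(b, j).isdigit()):
            d = _order(ch(a, i)) - _order(ch(b, j))
            if d:
                return d
            i, j = i + 1, j + 1
        while ch(a, i) == "0": i += 1          # leading zeros are insignificant
        while ch(b, j) == "0": j += 1
        while ch(a, i).isdigit() and ch(b, j).isdigit():
            first_diff = first_diff or ord(a[i]) - ord(b[j])
            i, j = i + 1, j + 1
        if ch(a, i).isdigit():                  # the longer digit run is the larger number
            return 1
        if ch(b, j).isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0

def compare_versions(a, b):
    # Split "[epoch:]upstream[-revision]"; compare epoch, then upstream, then revision.
    split = lambda v: (int(v.split(":", 1)[0]) if ":" in v else 0,
                       *(v.split(":", 1)[-1].rsplit("-", 1) + [""])[:2])
    (ea, ua, ra), (eb, ub, rb) = split(a), split(b)
    return (ea - eb) or _verrevcmp(ua, ub) or _verrevcmp(ra, rb)

def find_unpatched(dpkg_output, fixed=FIXED_VERSION):
    # dpkg_output: lines of `dpkg-query -W -f='${Package} ${Version}\n' 'php5*'`.
    rows = [line.split() for line in dpkg_output.splitlines() if len(line.split()) == 2]
    return [(pkg, ver) for pkg, ver in rows if compare_versions(ver, fixed) < 0]

# Constructed sample of dpkg-query output (not a real host); a plain string compare would pass the ~bpo8 line.
SAMPLE = ("php5-cli 5.6.33+dfsg-0+deb8u1\nphp5-common 5.6.36+dfsg-0+deb8u1\n"
          "php5-fpm 5.6.36+dfsg-0+deb8u1~bpo8\nlibapache2-mod-php5 5.6.36+dfsg-0+deb8u2\n")
```

On a live host, pipe the real dpkg-query output into find_unpatched; dpkg --compare-versions applies the same ordering natively if you prefer a shell one-liner.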

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================