Lucene search

K
ubuntuUbuntuUSN-3766-1
HistorySep 18, 2018 - 12:00 a.m.

PHP vulnerabilities

2018-09-1800:00:00
ubuntu.com
130

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.1

Confidence

High

EPSS

0.009

Percentile

82.8%

Releases

  • Ubuntu 18.04 ESM
  • Ubuntu 16.04 ESM
  • Ubuntu 14.04 ESM

Packages

  • php5 - HTML-embedded scripting language interpreter
  • php7.0 - HTML-embedded scripting language interpreter
  • php7.2 - HTML-embedded scripting language interpreter

Details

It was discovered that PHP incorrectly handled restarting certain child
processes when php-fpm is used. A remote attacker could possibly use this
issue to cause a denial of service. This issue was only addressed in Ubuntu
18.04 LTS. (CVE-2015-9253)

It was discovered that PHP incorrectly handled certain exif tags in JPEG
images. A remote attacker could possibly use this issue to cause PHP to
crash, resulting in a denial of service. (CVE-2018-14851, CVE-2018-14883)

OSVersionArchitecturePackageVersionFilename
Ubuntu18.04noarchlibapache2-mod-php7.2< 7.2.10-0ubuntu0.18.04.1UNKNOWN
Ubuntu18.04noarchlibapache2-mod-php7.2-dbgsym< 7.2.10-0ubuntu0.18.04.1UNKNOWN
Ubuntu18.04noarchlibphp7.2-embed< 7.2.10-0ubuntu0.18.04.1UNKNOWN
Ubuntu18.04noarchlibphp7.2-embed-dbgsym< 7.2.10-0ubuntu0.18.04.1UNKNOWN
Ubuntu18.04noarchphp7.2< 7.2.10-0ubuntu0.18.04.1UNKNOWN
Ubuntu18.04noarchphp7.2-bcmath< 7.2.10-0ubuntu0.18.04.1UNKNOWN
Ubuntu18.04noarchphp7.2-bcmath-dbgsym< 7.2.10-0ubuntu0.18.04.1UNKNOWN
Ubuntu18.04noarchphp7.2-bz2< 7.2.10-0ubuntu0.18.04.1UNKNOWN
Ubuntu18.04noarchphp7.2-bz2-dbgsym< 7.2.10-0ubuntu0.18.04.1UNKNOWN
Ubuntu18.04noarchphp7.2-cgi< 7.2.10-0ubuntu0.18.04.1UNKNOWN
Rows per page:
1-10 of 2031

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.1

Confidence

High

EPSS

0.009

Percentile

82.8%