Ubuntu Local Security Checks : Ubuntu Update for php7.0 USN-3211-1

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.843067

Categoría: Ubuntu Local Security Checks

Título: Ubuntu Update for php7.0 USN-3211-1

Resumen: The remote host is missing an update for the 'php7.0'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'php7.0'
package(s) announced via the referenced advisory.

Vulnerability Insight:
It was discovered that PHP incorrectly
handled certain invalid objects when unserializing data. A remote attacker
could use this issue to cause PHP to crash, resulting in a denial of service,
or possibly execute arbitrary code. (CVE-2016-7479)

It was discovered that PHP incorrectly handled certain invalid objects when
unserializing data. A remote attacker could use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2016-9137)

It was discovered that PHP incorrectly handled unserializing certain
wddxPacket XML documents. A remote attacker could use this issue to cause
PHP to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2016-9935)

It was discovered that PHP incorrectly handled certain invalid objects when
unserializing data. A remote attacker could use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2016-9936)

It was discovered that PHP incorrectly handled certain EXIF data. A remote
attacker could use this issue to cause PHP to crash, resulting in a denial
of service. (CVE-2016-10158)

It was discovered that PHP incorrectly handled certain PHAR archives. A
remote attacker could use this issue to cause PHP to crash or consume
resources, resulting in a denial of service. (CVE-2016-10159)

It was discovered that PHP incorrectly handled certain PHAR archives. A
remote attacker could use this issue to cause PHP to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2016-10160)

It was discovered that PHP incorrectly handled certain invalid objects when
unserializing data. A remote attacker could use this issue to cause PHP to
crash, resulting in a denial of service. (CVE-2016-10161)

It was discovered that PHP incorrectly handled unserializing certain
wddxPacket XML documents. A remote attacker could use this issue to cause
PHP to crash, resulting in a denial of service. (CVE-2016-10162)

It was discovered that PHP incorrectly handled certain invalid objects when
unserializing data. A remote attacker could use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2017-5340)

Affected Software/OS:
php7.0 on Ubuntu 16.10,
Ubuntu 16.04 LTS

Solution:
Please Install the Updated Packages.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2016-7479
BugTraq ID: 95151
http://www.securityfocus.com/bid/95151
http://blog.checkpoint.com/2016/12/27/check-point-discovers-three-zero-day-vulnerabilities-web-programming-language-php-7
http://blog.checkpoint.com/wp-content/uploads/2016/12/PHP_Technical_Report.pdf
https://bugs.php.net/bug.php?id=73092
https://www.youtube.com/watch?v=LDcaPstAuPk
RedHat Security Advisories: RHSA-2018:1296
https://access.redhat.com/errata/RHSA-2018:1296
http://www.securitytracker.com/id/1037659
Common Vulnerability Exposure (CVE) ID: CVE-2016-9137
BugTraq ID: 93577
http://www.securityfocus.com/bid/93577
Debian Security Information: DSA-3698 (Google Search)
http://www.debian.org/security/2016/dsa-3698
http://www.openwall.com/lists/oss-security/2016/11/01/2
Common Vulnerability Exposure (CVE) ID: CVE-2016-9935
BugTraq ID: 94846
http://www.securityfocus.com/bid/94846
Debian Security Information: DSA-3737 (Google Search)
http://www.debian.org/security/2016/dsa-3737
https://security.gentoo.org/glsa/201702-29
http://www.openwall.com/lists/oss-security/2016/12/12/2
SuSE Security Announcement: openSUSE-SU-2016:3239 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-12/msg00142.html
SuSE Security Announcement: openSUSE-SU-2017:0061 (Google Search)
http://lists.opensuse.org/opensuse-updates/2017-01/msg00034.html
SuSE Security Announcement: openSUSE-SU-2017:0081 (Google Search)
http://lists.opensuse.org/opensuse-updates/2017-01/msg00054.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-9936
BugTraq ID: 94849
http://www.securityfocus.com/bid/94849
Common Vulnerability Exposure (CVE) ID: CVE-2017-5340
BugTraq ID: 95371
http://www.securityfocus.com/bid/95371

Copyright Copyright (C) 2017 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.843067
Categoría:	Ubuntu Local Security Checks
Título:	Ubuntu Update for php7.0 USN-3211-1
Resumen:	The remote host is missing an update for the 'php7.0'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'php7.0' package(s) announced via the referenced advisory. Vulnerability Insight: It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7479) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9137) It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9935) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9936) It was discovered that PHP incorrectly handled certain EXIF data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10158) It was discovered that PHP incorrectly handled certain PHAR archives. A remote attacker could use this issue to cause PHP to crash or consume resources, resulting in a denial of service. (CVE-2016-10159) It was discovered that PHP incorrectly handled certain PHAR archives. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-10160) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10161) It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2016-10162) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-5340) Affected Software/OS: php7.0 on Ubuntu 16.10, Ubuntu 16.04 LTS Solution: Please Install the Updated Packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-7479 BugTraq ID: 95151 http://www.securityfocus.com/bid/95151 http://blog.checkpoint.com/2016/12/27/check-point-discovers-three-zero-day-vulnerabilities-web-programming-language-php-7 http://blog.checkpoint.com/wp-content/uploads/2016/12/PHP_Technical_Report.pdf https://bugs.php.net/bug.php?id=73092 https://www.youtube.com/watch?v=LDcaPstAuPk RedHat Security Advisories: RHSA-2018:1296 https://access.redhat.com/errata/RHSA-2018:1296 http://www.securitytracker.com/id/1037659 Common Vulnerability Exposure (CVE) ID: CVE-2016-9137 BugTraq ID: 93577 http://www.securityfocus.com/bid/93577 Debian Security Information: DSA-3698 (Google Search) http://www.debian.org/security/2016/dsa-3698 http://www.openwall.com/lists/oss-security/2016/11/01/2 Common Vulnerability Exposure (CVE) ID: CVE-2016-9935 BugTraq ID: 94846 http://www.securityfocus.com/bid/94846 Debian Security Information: DSA-3737 (Google Search) http://www.debian.org/security/2016/dsa-3737 https://security.gentoo.org/glsa/201702-29 http://www.openwall.com/lists/oss-security/2016/12/12/2 SuSE Security Announcement: openSUSE-SU-2016:3239 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-12/msg00142.html SuSE Security Announcement: openSUSE-SU-2017:0061 (Google Search) http://lists.opensuse.org/opensuse-updates/2017-01/msg00034.html SuSE Security Announcement: openSUSE-SU-2017:0081 (Google Search) http://lists.opensuse.org/opensuse-updates/2017-01/msg00054.html Common Vulnerability Exposure (CVE) ID: CVE-2016-9936 BugTraq ID: 94849 http://www.securityfocus.com/bid/94849 Common Vulnerability Exposure (CVE) ID: CVE-2017-5340 BugTraq ID: 95371 http://www.securityfocus.com/bid/95371
Copyright	Copyright (C) 2017 Greenbone Networks GmbH