Ubuntu Local Security Checks : Ubuntu Update for php7.2 USN-3646-1

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.843523

Kategorie: Ubuntu Local Security Checks

Titel: Ubuntu Update for php7.2 USN-3646-1

Zusammenfassung: The remote host is missing an update for the 'php7.2'; package(s) announced via the referenced advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'php7.2'
package(s) announced via the referenced advisory.

Vulnerability Insight:
It was discovered that PHP incorrectly handled
opcache access controls when configured to use PHP-FPM. A local user could possibly
use this issue to obtain sensitive information from another user's PHP applications.
(CVE-2018-10545)

It was discovered that the PHP iconv stream filter incorrect handled
certain invalid multibyte sequences. A remote attacker could possibly use
this issue to cause PHP to hang, resulting in a denial of service.
(CVE-2018-10546)

It was discovered that the PHP PHAR error pages incorrectly filtered
certain data. A remote attacker could possibly use this issue to perform
a reflected XSS attack. (CVE-2018-10547)

It was discovered that PHP incorrectly handled LDAP. A malicious remote
LDAP server could possibly use this issue to cause PHP to crash, resulting
in a denial of service. (CVE-2018-10548)

It was discovered that PHP incorrectly handled certain exif tags in JPEG
images. A remote attacker could possibly use this issue to cause PHP to
crash, resulting in a denial of service. This issue only affected Ubuntu
16.04 LTS, Ubuntu 17.10, and Ubuntu 18.04 LTS. (CVE-2018-10549)

Affected Software/OS:
php7.2 on Ubuntu 18.04 LTS,
Ubuntu 17.10,
Ubuntu 16.04 LTS,
Ubuntu 14.04 LTS

Solution:
Please install the updated packages.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2018-10545
Common Vulnerability Exposure (CVE) ID: CVE-2018-10546
Common Vulnerability Exposure (CVE) ID: CVE-2018-10547
Common Vulnerability Exposure (CVE) ID: CVE-2018-10548
Common Vulnerability Exposure (CVE) ID: CVE-2018-10549

Copyright Copyright (C) 2018 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.843523
Kategorie:	Ubuntu Local Security Checks
Titel:	Ubuntu Update for php7.2 USN-3646-1
Zusammenfassung:	The remote host is missing an update for the 'php7.2'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'php7.2' package(s) announced via the referenced advisory. Vulnerability Insight: It was discovered that PHP incorrectly handled opcache access controls when configured to use PHP-FPM. A local user could possibly use this issue to obtain sensitive information from another user's PHP applications. (CVE-2018-10545) It was discovered that the PHP iconv stream filter incorrect handled certain invalid multibyte sequences. A remote attacker could possibly use this issue to cause PHP to hang, resulting in a denial of service. (CVE-2018-10546) It was discovered that the PHP PHAR error pages incorrectly filtered certain data. A remote attacker could possibly use this issue to perform a reflected XSS attack. (CVE-2018-10547) It was discovered that PHP incorrectly handled LDAP. A malicious remote LDAP server could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2018-10548) It was discovered that PHP incorrectly handled certain exif tags in JPEG images. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 17.10, and Ubuntu 18.04 LTS. (CVE-2018-10549) Affected Software/OS: php7.2 on Ubuntu 18.04 LTS, Ubuntu 17.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS Solution: Please install the updated packages. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2018-10545 Common Vulnerability Exposure (CVE) ID: CVE-2018-10546 Common Vulnerability Exposure (CVE) ID: CVE-2018-10547 Common Vulnerability Exposure (CVE) ID: CVE-2018-10548 Common Vulnerability Exposure (CVE) ID: CVE-2018-10549
Copyright	Copyright (C) 2018 Greenbone Networks GmbH