Ubuntu Security Notice 4097-2 - USN-4097-1 fixed several vulnerabilities in php5. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that PHP incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Various other issues were also addressed.
ee180ae079b8e455e61420482598bc1c207a25f342d5a81fd7e176cd36dd226e
=========================================================================
Ubuntu Security Notice USN-4097-2
August 13, 2019
php5 vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 ESM
- Ubuntu 12.04 ESM
Summary:
PHP could be made to crash or execute arbitrary code if it
received specially crafted image.
Software Description:
- php5: HTML-embedded scripting language interpreter
Details:
USN-4097-1 fixed several vulnerabilities in php5. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
Original advisory details:
It was discovered that PHP incorrectly handled certain images.
An attacker could possibly use this issue to cause a denial of service
or execute arbitrary code. (CVE-2019-11041, CVE-2019-11042)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 ESM:
libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.29+esm5
php5-cgi 5.5.9+dfsg-1ubuntu4.29+esm5
php5-cli 5.5.9+dfsg-1ubuntu4.29+esm5
php5-fpm 5.5.9+dfsg-1ubuntu4.29+esm5
php5-xmlrpc 5.5.9+dfsg-1ubuntu4.29+esm5
Ubuntu 12.04 ESM:
libapache2-mod-php5 5.3.10-1ubuntu3.39
php5-cgi 5.3.10-1ubuntu3.39
php5-cli 5.3.10-1ubuntu3.39
php5-fpm 5.3.10-1ubuntu3.39
php5-xmlrpc 5.3.10-1ubuntu3.39
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4097-2
https://usn.ubuntu.com/4097-1
CVE-2019-11041, CVE-2019-11042