Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : php5, php7.0 vulnerabilities (USN-3045-1) (httpoxy)

Ubuntu Security Notice (C) 2016 Canonical, Inc. / NASL script (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing one or more security-related
patches.

Description :

It was discovered that PHP incorrectly handled certain
SplMinHeap::compare operations. A remote attacker could use this issue
to cause PHP to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and
Ubuntu 14.04 LTS. (CVE-2015-4116)

It was discovered that PHP incorrectly handled recursive method calls.
A remote attacker could use this issue to cause PHP to crash,
resulting in a denial of service. This issue only affected Ubuntu
12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8873)

It was discovered that PHP incorrectly validated certain Exception
objects when unserializing data. A remote attacker could use this
issue to cause PHP to crash, resulting in a denial of service, or
possibly execute arbitrary code. This issue only affected Ubuntu 12.04
LTS and Ubuntu 14.04 LTS. (CVE-2015-8876)

It was discovered that PHP header() function performed insufficient
filtering for Internet Explorer. A remote attacker could possibly use
this issue to perform a XSS attack. This issue only affected Ubuntu
12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8935)

It was discovered that PHP incorrectly handled certain locale
operations. An attacker could use this issue to cause PHP to crash,
resulting in a denial of service. This issue only affected Ubuntu
12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5093)

It was discovered that the PHP php_html_entities() function
incorrectly handled certain string lengths. A remote attacker could
use this issue to cause PHP to crash, resulting in a denial of
service, or possibly execute arbitrary code. This issue only affected
Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5094, CVE-2016-5095)

It was discovered that the PHP fread() function incorrectly handled
certain lengths. An attacker could use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.
(CVE-2016-5096)

It was discovered that the PHP FastCGI Process Manager (FPM) SAPI
incorrectly handled memory in the access logging feature. An attacker
could use this issue to cause PHP to crash, resulting in a denial of
service, or possibly expose sensitive information. This issue only
affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5114)

It was discovered that PHP would not protect applications from
contents of the HTTP_PROXY environment variable when based on the
contents of the Proxy header from HTTP requests. A remote attacker
could possibly use this issue in combination with scripts that honour
the HTTP_PROXY variable to redirect outgoing HTTP requests.
(CVE-2016-5385)

Hans Jerry Illikainen discovered that the PHP bzread() function
incorrectly performed error handling. A remote attacker could use this
issue to cause PHP to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2016-5399)

It was discovered that certain PHP multibyte string functions
incorrectly handled memory. A remote attacker could use this issue to
cause PHP to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 14.04 LTS.
(CVE-2016-5768)

It was discovered that the PHP Mcrypt extension incorrectly handled
memory. A remote attacker could use this issue to cause PHP to crash,
resulting in a denial of service, or possibly execute arbitrary code.
This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.
(CVE-2016-5769)

It was discovered that the PHP garbage collector incorrectly handled
certain objects when unserializing malicious data. A remote attacker
could use this issue to cause PHP to crash, resulting in a denial of
service, or possibly execute arbitrary code. This issue was only
addressed in Ubuntu Ubuntu 14.04 LTS. (CVE-2016-5771, CVE-2016-5773)

It was discovered that PHP incorrectly handled memory when
unserializing malicious xml data. A remote attacker could use this
issue to cause PHP to crash, resulting in a denial of service, or
possibly execute arbitrary code. This issue only affected Ubuntu 12.04
LTS and Ubuntu 14.04 LTS. (CVE-2016-5772)

It was discovered that the PHP php_url_parse_ex() function incorrectly
handled string termination. A remote attacker could use this issue to
cause PHP to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and
Ubuntu 14.04 LTS. (CVE-2016-6288)

It was discovered that PHP incorrectly handled path lengths when
extracting certain Zip archives. A remote attacker could use this
issue to cause PHP to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2016-6289)

It was discovered that PHP incorrectly handled session
deserialization. A remote attacker could use this issue to cause PHP
to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2016-6290)

It was discovered that PHP incorrectly handled exif headers when
processing certain JPEG images. A remote attacker could use this issue
to cause PHP to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2016-6291, CVE-2016-6292)

It was discovered that PHP incorrectly handled certain locale
operations. A remote attacker could use this issue to cause PHP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2016-6294)

It was discovered that the PHP garbage collector incorrectly handled
certain objects when unserializing SNMP data. A remote attacker could
use this issue to cause PHP to crash, resulting in a denial of
service, or possibly execute arbitrary code. This issue only affected
Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6295)

It was discovered that the PHP xmlrpc_encode_request() function
incorrectly handled certain lengths. An attacker could use this issue
to cause PHP to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2016-6296)

It was discovered that the PHP php_stream_zip_opener() function
incorrectly handled memory. An attacker could use this issue to cause
PHP to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2016-6297).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.5
(CVSS2#E:U/RL:OF/RC:ND)
Public Exploit Available : false