[월:] 2016년 10월

USN-3095-1: PHP vulnerabilities Ubuntu Security Notice USN-3095-1 4th October, 2016 php5, php7.0 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in PHP. Software description php5 – HTML-embedded scripting language interpreter php7.0 – HTML-embedded scripting language interpreter Details Taoguang Chen discovered that PHP incorrectly handled certain invalidobjects when unserializing data. A remote attacker could use this issue tocause PHP to crash, resulting in a denial of service, or possibly executearbitrary code. (CVE-2016-7124) Taoguang Chen discovered that PHP incorrectly handled invalid sessionnames. A remote attacker could use this issue to inject arbitrary sessiondata. (CVE-2016-7125) It was discovered that PHP incorrectly handled certain gamma values in theimagegammacorrect function. A remote attacker could use this issue to causePHP to crash, resulting in a denial of [ more… ]