USN-3211-1: PHP vulnerabilities

2017-02-24 KENNETH 0

USN-3211-1: PHP vulnerabilities Ubuntu Security Notice USN-3211-1 23rd February, 2017 php7.0 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Summary Several security issues were fixed in PHP. Software description php7.0 – HTML-embedded scripting language interpreter Details It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7479) It was discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9137) It was discovered that PHP incorrectly handled unserializing certain wddxPacket XML documents. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of [ more… ]

USN-3142-2: ImageMagick regression

2017-02-23 KENNETH 0

USN-3142-2: ImageMagick regression Ubuntu Security Notice USN-3142-2 22nd February, 2017 imagemagick regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary USN-3142-1 introduced a regression in ImageMagick. Software description imagemagick – Image manipulation programs and library Details USN-3142-1 fixed vulnerabilities in ImageMagick. The security fixes introduced a regression with text labels and a regression with the text coder. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. Update instructions The problem can be [ more… ]

RHSA-2017:0300-1: Moderate: python-oslo-middleware security update

2017-02-23 KENNETH 0

RHSA-2017:0300-1: Moderate: python-oslo-middleware security update Red Hat Enterprise Linux: An update for python-oslo-middleware is now available for Red Hat OpenStack Platform 10.0 (Newton). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. CVE-2017-2592 Source: RHSA-2017:0300-1: Moderate: python-oslo-middleware security update

RHBA-2017:0296-1: openstack-keystone bug fix advisory

2017-02-23 KENNETH 0

RHBA-2017:0296-1: openstack-keystone bug fix advisory Red Hat Enterprise Linux: Updated OpenStack Identity packages that resolve various issues are now available for Red Hat OpenStack Platform 10.0 (Newton) for RHEL 7. Source: RHBA-2017:0296-1: openstack-keystone bug fix advisory

RHBA-2017:0297-1: openstack-ironic bug fix advisory

2017-02-23 KENNETH 0

RHBA-2017:0297-1: openstack-ironic bug fix advisory Red Hat Enterprise Linux: Updated OpenStack Bare Metal Provisioning packages that resolve various issues are now available for Red Hat OpenStack Platform 10.0 (Newton) for RHEL 7. Source: RHBA-2017:0297-1: openstack-ironic bug fix advisory