지락문화예술공작단

USN-3382-2: PHP vulnerabilities Ubuntu Security Notice USN-3382-2 18th December, 2017 php5 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in PHP. Software description php5 – HTML-embedded scripting language interpreter Details USN-3382-1 fixed several vulnerabilities in PHP. This update providesthe corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that the PHP URL parser incorrectly handled certain URI components. A remote attacker could possibly use this issue to bypass hostname-specific URL checks. (CVE-2016-10397) It was discovered that PHP incorrectly handled certain boolean parameters when unserializing data. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2017-11143) Sebastian Li, Wei Lei, Xie Xiaofei, and Liu Yang discovered that PHP incorrectly handled the OpenSSL sealing function. A [ more… ]