- Vulnerability/
- USN-3902-2
USN-3902-2: PHP vulnerabilities
First published: Tue Mar 12 2019(Updated: )
USN-3902-1 fixed a vulnerability in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that the PHP XML-RPC module incorrectly handled decoding XML data. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2019-9020, CVE-2019-9024) It was discovered that the PHP PHAR module incorrectly handled certain filenames. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2019-9021) It was discovered that PHP incorrectly handled mbstring regular expressions. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2019-9023)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/php5-cli | <5.3.10-1ubuntu3.33 | 5.3.10-1ubuntu3.33 |
| Ubuntu OpenSSH Client | =12.04 | |
| All of | ||
| ubuntu/php5-cgi | <5.3.10-1ubuntu3.33 | 5.3.10-1ubuntu3.33 |
| Ubuntu OpenSSH Client | =12.04 | |
| All of | ||
| ubuntu/libapache2-mod-php5 | <5.3.10-1ubuntu3.33 | 5.3.10-1ubuntu3.33 |
| Ubuntu OpenSSH Client | =12.04 | |
| All of | ||
| ubuntu/php5-fpm | <5.3.10-1ubuntu3.33 | 5.3.10-1ubuntu3.33 |
| Ubuntu OpenSSH Client | =12.04 | |
| All of | ||
| ubuntu/php5-xmlrpc | <5.3.10-1ubuntu3.33 | 5.3.10-1ubuntu3.33 |
| Ubuntu OpenSSH Client | =12.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2019-9020
- https://ubuntu.com/security/CVE-2019-9021
- https://ubuntu.com/security/CVE-2019-9023
- https://ubuntu.com/security/CVE-2019-9024
- https://ubuntu.com/security/notices/USN-3902-1
- https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.33
- https://ubuntu.com/security/notices/USN-3902-2 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What vulnerability does USN-3902-2 address?
USN-3902-2 addresses PHP vulnerabilities.
What is the severity of the PHP vulnerabilities?
The severity of the PHP vulnerabilities is not specified.
Which versions of Ubuntu are affected by the PHP vulnerabilities?
The PHP vulnerabilities affect Ubuntu 12.04 ESM.
How can I fix the PHP vulnerabilities?
To fix the PHP vulnerabilities, update the affected software to version 5.3.10-1ubuntu3.33.
Where can I find more information about the PHP vulnerabilities?
You can find more information about the PHP vulnerabilities at the following references: [CVE-2019-9020](https://ubuntu.com/security/CVE-2019-9020), [CVE-2019-9021](https://ubuntu.com/security/CVE-2019-9021), [CVE-2019-9023](https://ubuntu.com/security/CVE-2019-9023).
- agent/severity
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/title
- agent/references
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu openssh client
- version/ubuntu openssh client/12.04