What vulnerabilities does USN-3953-2 address?

USN-3953-2 addresses the vulnerabilities CVE-2019-11034 and CVE-2019-11035.

Which versions of Ubuntu are affected by USN-3953-2?

Ubuntu 12.04 (precise) and Ubuntu 14.04 (trusty) are affected by USN-3953-2.

What is the affected software for USN-3953-2?

The affected software for USN-3953-2 includes libapache2-mod-php5, php5-fpm, php5-cgi, and php5-cli.

How do I fix the vulnerabilities addressed by USN-3953-2?

To fix the vulnerabilities, update the affected software packages to version 5.5.9+dfsg-1ubuntu4.29+esm1 for Ubuntu 14.04 and version 5.3.10-1ubuntu3.35 for Ubuntu 12.04.

Where can I find more information about USN-3953-2?

You can find more information about USN-3953-2 in the Ubuntu security notices: [link](https://ubuntu.com/security/notices/USN-3953-1).

Vulnerability/
USN-3953-2

1/5/2019

USN-3953-2: PHP vulnerabilities

First published: Wed May 01 2019(Updated: )

USN-3953-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that PHP incorrectly handled certain exif tags in JPEG images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.

Affected Software	Affected Version	How to fix
All of
ubuntu/libapache2-mod-php5	<5.5.9+dfsg-1ubuntu4.29+esm1	5.5.9+dfsg-1ubuntu4.29+esm1
Ubuntu OpenSSH Client	=14.04
All of
ubuntu/php5-fpm	<5.5.9+dfsg-1ubuntu4.29+esm1	5.5.9+dfsg-1ubuntu4.29+esm1
Ubuntu OpenSSH Client	=14.04
All of
ubuntu/php5-cgi	<5.5.9+dfsg-1ubuntu4.29+esm1	5.5.9+dfsg-1ubuntu4.29+esm1
Ubuntu OpenSSH Client	=14.04
All of
ubuntu/php5-cli	<5.5.9+dfsg-1ubuntu4.29+esm1	5.5.9+dfsg-1ubuntu4.29+esm1
Ubuntu OpenSSH Client	=14.04
All of
ubuntu/libapache2-mod-php5	<5.3.10-1ubuntu3.35	5.3.10-1ubuntu3.35
Ubuntu OpenSSH Client	=12.04
All of
ubuntu/php5-fpm	<5.3.10-1ubuntu3.35	5.3.10-1ubuntu3.35
Ubuntu OpenSSH Client	=12.04
All of
ubuntu/php5-cgi	<5.3.10-1ubuntu3.35	5.3.10-1ubuntu3.35
Ubuntu OpenSSH Client	=12.04
All of
ubuntu/php5-cli	<5.3.10-1ubuntu3.35	5.3.10-1ubuntu3.35
Ubuntu OpenSSH Client	=12.04

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What vulnerabilities does USN-3953-2 address?
USN-3953-2 addresses the vulnerabilities CVE-2019-11034 and CVE-2019-11035.
Which versions of Ubuntu are affected by USN-3953-2?
Ubuntu 12.04 (precise) and Ubuntu 14.04 (trusty) are affected by USN-3953-2.
What is the affected software for USN-3953-2?
The affected software for USN-3953-2 includes libapache2-mod-php5, php5-fpm, php5-cgi, and php5-cli.
How do I fix the vulnerabilities addressed by USN-3953-2?
To fix the vulnerabilities, update the affected software packages to version 5.5.9+dfsg-1ubuntu4.29+esm1 for Ubuntu 14.04 and version 5.3.10-1ubuntu3.35 for Ubuntu 12.04.
Where can I find more information about USN-3953-2?
You can find more information about USN-3953-2 in the Ubuntu security notices: [link](https://ubuntu.com/security/notices/USN-3953-1).

agent/severity
agent/references
agent/type
agent/first-publish-date
agent/last-modified-date
agent/title
agent/description
agent/event
agent/trending
agent/source
agent/softwarecombine
agent/tags
collector/usn
source/Ubuntu
anchor-related/USN-3953-1
agent/software-canonical-lookup
agent/software-canonical-lookup-request
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu openssh client
version/ubuntu openssh client/14.04
version/ubuntu openssh client/12.04