What vulnerabilities are fixed in USN-4009-2?

USN-4009-2 fixed the CVE-2019-11039 and CVE-2019-11040 vulnerabilities.

How do I fix the PHP vulnerabilities in USN-4009-2?

To fix the PHP vulnerabilities in USN-4009-2, you need to update the affected software packages to versions 5.5.9+dfsg-1ubuntu4.29+esm3 or 5.3.10-1ubuntu3.37 depending on the Ubuntu version (12.04 or 14.04) you are using.

What is the severity of the PHP vulnerabilities in USN-4009-2?

The severity of the PHP vulnerabilities in USN-4009-2 is not specified in the advisory.

Where can I find more information about the PHP vulnerabilities in USN-4009-2?

You can find more information about the PHP vulnerabilities in USN-4009-2 in the Ubuntu security advisories: [CVE-2019-11039](https://ubuntu.com/security/CVE-2019-11039) and [CVE-2019-11040](https://ubuntu.com/security/CVE-2019-11040).

Vulnerability/
USN-4009-2

5/6/2019

USN-4009-2: PHP vulnerabilities

First published: Wed Jun 05 2019(Updated: )

USN-4009-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that PHP incorrectly decoding certain MIME headers. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2019-11039) It was discovered that PHP incorrectly handled certain exif tags in images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-11040)

Affected Software	Affected Version	How to fix
All of
ubuntu/libapache2-mod-php5	<5.5.9+dfsg-1ubuntu4.29+esm3	5.5.9+dfsg-1ubuntu4.29+esm3
Ubuntu OpenSSH Client	=14.04
All of
ubuntu/php5-fpm	<5.5.9+dfsg-1ubuntu4.29+esm3	5.5.9+dfsg-1ubuntu4.29+esm3
Ubuntu OpenSSH Client	=14.04
All of
ubuntu/php5-cgi	<5.5.9+dfsg-1ubuntu4.29+esm3	5.5.9+dfsg-1ubuntu4.29+esm3
Ubuntu OpenSSH Client	=14.04
All of
ubuntu/php5-cli	<5.5.9+dfsg-1ubuntu4.29+esm3	5.5.9+dfsg-1ubuntu4.29+esm3
Ubuntu OpenSSH Client	=14.04
All of
ubuntu/libapache2-mod-php5	<5.3.10-1ubuntu3.37	5.3.10-1ubuntu3.37
Ubuntu OpenSSH Client	=12.04
All of
ubuntu/php5-fpm	<5.3.10-1ubuntu3.37	5.3.10-1ubuntu3.37
Ubuntu OpenSSH Client	=12.04
All of
ubuntu/php5-cgi	<5.3.10-1ubuntu3.37	5.3.10-1ubuntu3.37
Ubuntu OpenSSH Client	=12.04
All of
ubuntu/php5-cli	<5.3.10-1ubuntu3.37	5.3.10-1ubuntu3.37
Ubuntu OpenSSH Client	=12.04

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What vulnerabilities are fixed in USN-4009-2?
USN-4009-2 fixed the CVE-2019-11039 and CVE-2019-11040 vulnerabilities.
How do I fix the PHP vulnerabilities in USN-4009-2?
To fix the PHP vulnerabilities in USN-4009-2, you need to update the affected software packages to versions 5.5.9+dfsg-1ubuntu4.29+esm3 or 5.3.10-1ubuntu3.37 depending on the Ubuntu version (12.04 or 14.04) you are using.
What is the severity of the PHP vulnerabilities in USN-4009-2?
The severity of the PHP vulnerabilities in USN-4009-2 is not specified in the advisory.
Where can I find more information about the PHP vulnerabilities in USN-4009-2?
You can find more information about the PHP vulnerabilities in USN-4009-2 in the Ubuntu security advisories: [CVE-2019-11039](https://ubuntu.com/security/CVE-2019-11039) and [CVE-2019-11040](https://ubuntu.com/security/CVE-2019-11040).

agent/severity
agent/references
agent/type
agent/last-modified-date
agent/title
agent/first-publish-date
agent/description
agent/event
agent/trending
agent/source
agent/softwarecombine
agent/tags
collector/usn
source/Ubuntu
agent/software-canonical-lookup
agent/software-canonical-lookup-request
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu openssh client
version/ubuntu openssh client/14.04
version/ubuntu openssh client/12.04