漏洞类别:Ubuntu
漏洞等级: 
漏洞信息
It was discovered that PHP incorrectly handled certain stream metadata.
It was discovered that PHP incorrectly handled the PHAR 404 error page.
It was discovered that PHP incorrectly handled parsing certain HTTP responses.
漏洞危害
A remote attacker could possibly use this issue to set arbitrary metadata. This issue only affected Ubuntu 14.04 LTS. (CVE-2016-10712)
A remote attacker could possibly use this issue to conduct cross-site scripting (XSS) attacks. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2018-5712)
A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-7584)
解决方案
Refer to Ubuntu advisory USN-3600-1 for affected packages and patching details, or update with your package manager.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-3600-1: 17.10 (artful) on src (php7.1-cli)
USN-3600-1: 16.04 (Xenial) on src (php7.0-cgi)
USN-3600-1: 16.04 (Xenial) on src (libapache2-mod-php7.0)
USN-3600-1: 14.04 (Kylin) on src (php5-cli)
USN-3600-1: 14.04 (Kylin) on src (php5-fpm)
USN-3600-1: 16.04 (Xenial) on src (php7.0-cli)
USN-3600-1: 17.10 (artful) on src (php7.1-cgi)
USN-3600-1: 17.10 (artful) on src (libapache2-mod-php7.1)
USN-3600-1: 14.04 (Kylin) on src (libapache2-mod-php5)
USN-3600-1: 16.04 (Xenial) on src (php7.0-fpm)
0daybank
文章评论