{"id":"USN-2254-1","summary":"php5 vulnerabilities","details":"Christian Hoffmann discovered that the PHP FastCGI Process Manager (FPM)\nset incorrect permissions on the UNIX socket. A local attacker could use\nthis issue to possibly elevate their privileges. This issue only affected\nUbuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-0185)\n\nFrancisco Alonso discovered that the PHP Fileinfo component incorrectly\nhandled certain CDF documents. A remote attacker could use this issue to\ncause PHP to hang or crash, resulting in a denial of service.\n(CVE-2014-0237, CVE-2014-0238)\n\nStefan Esser discovered that PHP incorrectly handled DNS TXT records. A\nremote attacker could use this issue to cause PHP to crash, resulting in a\ndenial of service, or possibly execute arbitrary code. (CVE-2014-4049)\n","modified":"2026-04-22T08:54:03.267882Z","published":"2014-06-23T12:05:29Z","related":["UBUNTU-CVE-2014-0185","UBUNTU-CVE-2014-0237","UBUNTU-CVE-2014-0238","UBUNTU-CVE-2014-4049"],"upstream":["CVE-2014-0185","CVE-2014-0237","CVE-2014-0238","CVE-2014-4049","UBUNTU-CVE-2014-0185","UBUNTU-CVE-2014-0237","UBUNTU-CVE-2014-0238","UBUNTU-CVE-2014-4049"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-2254-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-0185"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-0237"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-0238"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-4049"}],"affected":[{"package":{"name":"php5","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/php5@5.5.9+dfsg-1ubuntu4.1?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.5.9+dfsg-1ubuntu4.1"}]}],"versions":["5.5.3+dfsg-1ubuntu2","5.5.3+dfsg-1ubuntu3","5.5.6+dfsg-1ubuntu1","5.5.6+dfsg-1ubuntu2","5.5.8+dfsg-2ubuntu1","5.5.9+dfsg-1ubuntu1","5.5.9+dfsg-1ubuntu2","5.5.9+dfsg-1ubuntu3","5.5.9+dfsg-1ubuntu4"],"ecosystem_specific":{"binaries":[{"binary_version":"5.5.9+dfsg-1ubuntu4.1","binary_name":"libapache2-mod-php5"},{"binary_version":"5.5.9+dfsg-1ubuntu4.1","binary_name":"libapache2-mod-php5filter"},{"binary_version":"5.5.9+dfsg-1ubuntu4.1","binary_name":"libphp5-embed"},{"binary_version":"5.5.9+dfsg-1ubuntu4.1","binary_name":"php-pear"},{"binary_version":"5.5.9+dfsg-1ubuntu4.1","binary_name":"php5"},{"binary_version":"5.5.9+dfsg-1ubuntu4.1","binary_name":"php5-cgi"},{"binary_version":"5.5.9+dfsg-1ubuntu4.1","binary_name":"php5-cli"},{"binary_version":"5.5.9+dfsg-1ubuntu4.1","binary_name":"php5-common"},{"binary_version":"5.5.9+dfsg-1ubuntu4.1","binary_name":"php5-curl"},{"binary_version":"5.5.9+dfsg-1ubuntu4.1","binary_name":"php5-enchant"},{"binary_version":"5.5.9+dfsg-1ubuntu4.1","binary_name":"php5-fpm"},{"binary_version":"5.5.9+dfsg-1ubuntu4.1","binary_name":"php5-gd"},{"binary_version":"5.5.9+dfsg-1ubuntu4.1","binary_name":"php5-gmp"},{"binary_version":"5.5.9+dfsg-1ubuntu4.1","binary_name":"php5-intl"},{"binary_version":"5.5.9+dfsg-1ubuntu4.1","binary_name":"php5-ldap"},{"binary_version":"5.5.9+dfsg-1ubuntu4.1","binary_name":"php5-mysql"},{"binary_version":"5.5.9+dfsg-1ubuntu4.1","binary_name":"php5-mysqlnd"},{"binary_version":"5.5.9+dfsg-1ubuntu4.1","binary_name":"php5-odbc"},{"binary_version":"5.5.9+dfsg-1ubuntu4.1","binary_name":"php5-pgsql"},{"binary_version":"5.5.9+dfsg-1ubuntu4.1","binary_name":"php5-pspell"},{"binary_version":"5.5.9+dfsg-1ubuntu4.1","binary_name":"php5-readline"},{"binary_version":"5.5.9+dfsg-1ubuntu4.1","binary_name":"php5-recode"},{"binary_version":"5.5.9+dfsg-1ubuntu4.1","binary_name":"php5-snmp"},{"binary_version":"5.5.9+dfsg-1ubuntu4.1","binary_name":"php5-sqlite"},{"binary_version":"5.5.9+dfsg-1ubuntu4.1","binary_name":"php5-sybase"},{"binary_version":"5.5.9+dfsg-1ubuntu4.1","binary_name":"php5-tidy"},{"binary_version":"5.5.9+dfsg-1ubuntu4.1","binary_name":"php5-xmlrpc"},{"binary_version":"5.5.9+dfsg-1ubuntu4.1","binary_name":"php5-xsl"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2254-1.json","cves_map":{"cves":[{"id":"CVE-2014-0185","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2014-0237","severity":[{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2014-0238","severity":[{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2014-4049","severity":[{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:14.04:LTS"}}}],"schema_version":"1.7.5"}