{"id":"USN-3382-1","summary":"php5, php7.0 vulnerabilities","details":"It was discovered that the PHP opcache created keys for files it cached\nbased on their filepath. A local attacker could possibly use this issue in\na shared hosting environment to obtain sensitive information. This issue\nonly affected Ubuntu 14.04 LTS. (CVE-2015-8994)\n\nIt was discovered that the PHP URL parser incorrectly handled certain URI\ncomponents. A remote attacker could possibly use this issue to bypass\nhostname-specific URL checks. This issue only affected Ubuntu 14.04 LTS.\n(CVE-2016-10397)\n\nIt was discovered that PHP incorrectly handled certain boolean parameters\nwhen unserializing data. A remote attacker could possibly use this issue to\ncause PHP to crash, resulting in a denial of service. This issue only\naffected Ubuntu 14.04 LTS. (CVE-2017-11143)\n\nSebastian Li, Wei Lei, Xie Xiaofei, and Liu Yang discovered that PHP\nincorrectly handled the OpenSSL sealing function. A remote attacker could\npossibly use this issue to cause PHP to crash, resulting in a denial of\nservice. (CVE-2017-11144)\n\nWei Lei and Liu Yang discovered that the PHP date extension incorrectly\nhandled memory. A remote attacker could possibly use this issue to disclose\nsensitive information from the server. (CVE-2017-11145)\n\nIt was discovered that PHP incorrectly handled certain PHAR archives. A\nremote attacker could use this issue to cause PHP to crash or disclose\nsensitive information. This issue only affected Ubuntu 14.04 LTS.\n(CVE-2017-11147)\n\nIt was discovered that PHP incorrectly handled locale length. A remote\nattacker could possibly use this issue to cause PHP to crash, resulting in\na denial of service. (CVE-2017-11362)\n\nWei Lei and Liu Yang discovered that PHP incorrectly handled parsing ini\nfiles. An attacker could possibly use this issue to cause PHP to crash,\nresulting in a denial of service. (CVE-2017-11628)\n\nIt was discovered that PHP mbstring incorrectly handled certain regular\nexpressions. A remote attacker could use this issue to cause PHP to crash,\nresulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229)\n","modified":"2026-04-22T09:38:12.766158Z","published":"2017-08-10T15:26:31Z","related":["UBUNTU-CVE-2015-8994","UBUNTU-CVE-2016-10397","UBUNTU-CVE-2017-11143","UBUNTU-CVE-2017-11144","UBUNTU-CVE-2017-11145","UBUNTU-CVE-2017-11147","UBUNTU-CVE-2017-11362","UBUNTU-CVE-2017-11628","UBUNTU-CVE-2017-9224","UBUNTU-CVE-2017-9226","UBUNTU-CVE-2017-9227","UBUNTU-CVE-2017-9228","UBUNTU-CVE-2017-9229"],"upstream":["CVE-2015-8994","CVE-2016-10397","CVE-2017-11143","CVE-2017-11144","CVE-2017-11145","CVE-2017-11147","CVE-2017-11362","CVE-2017-11628","CVE-2017-9224","CVE-2017-9226","CVE-2017-9227","CVE-2017-9228","CVE-2017-9229","UBUNTU-CVE-2015-8994","UBUNTU-CVE-2016-10397","UBUNTU-CVE-2017-11143","UBUNTU-CVE-2017-11144","UBUNTU-CVE-2017-11145","UBUNTU-CVE-2017-11147","UBUNTU-CVE-2017-11362","UBUNTU-CVE-2017-11628","UBUNTU-CVE-2017-9224","UBUNTU-CVE-2017-9226","UBUNTU-CVE-2017-9227","UBUNTU-CVE-2017-9228","UBUNTU-CVE-2017-9229"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-3382-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-8994"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-10397"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-9224"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-9226"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-9227"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-9228"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-9229"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-11143"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-11144"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-11145"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-11147"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-11362"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-11628"}],"affected":[{"package":{"name":"php5","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/php5@5.5.9+dfsg-1ubuntu4.22?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.5.9+dfsg-1ubuntu4.22"}]}],"versions":["5.5.3+dfsg-1ubuntu2","5.5.3+dfsg-1ubuntu3","5.5.6+dfsg-1ubuntu1","5.5.6+dfsg-1ubuntu2","5.5.8+dfsg-2ubuntu1","5.5.9+dfsg-1ubuntu1","5.5.9+dfsg-1ubuntu2","5.5.9+dfsg-1ubuntu3","5.5.9+dfsg-1ubuntu4","5.5.9+dfsg-1ubuntu4.1","5.5.9+dfsg-1ubuntu4.2","5.5.9+dfsg-1ubuntu4.3","5.5.9+dfsg-1ubuntu4.4","5.5.9+dfsg-1ubuntu4.5","5.5.9+dfsg-1ubuntu4.6","5.5.9+dfsg-1ubuntu4.7","5.5.9+dfsg-1ubuntu4.9","5.5.9+dfsg-1ubuntu4.11","5.5.9+dfsg-1ubuntu4.12","5.5.9+dfsg-1ubuntu4.13","5.5.9+dfsg-1ubuntu4.14","5.5.9+dfsg-1ubuntu4.16","5.5.9+dfsg-1ubuntu4.17","5.5.9+dfsg-1ubuntu4.19","5.5.9+dfsg-1ubuntu4.20","5.5.9+dfsg-1ubuntu4.21"],"ecosystem_specific":{"binaries":[{"binary_name":"libapache2-mod-php5","binary_version":"5.5.9+dfsg-1ubuntu4.22"},{"binary_name":"libapache2-mod-php5filter","binary_version":"5.5.9+dfsg-1ubuntu4.22"},{"binary_name":"libphp5-embed","binary_version":"5.5.9+dfsg-1ubuntu4.22"},{"binary_name":"php-pear","binary_version":"5.5.9+dfsg-1ubuntu4.22"},{"binary_name":"php5","binary_version":"5.5.9+dfsg-1ubuntu4.22"},{"binary_name":"php5-cgi","binary_version":"5.5.9+dfsg-1ubuntu4.22"},{"binary_name":"php5-cli","binary_version":"5.5.9+dfsg-1ubuntu4.22"},{"binary_name":"php5-common","binary_version":"5.5.9+dfsg-1ubuntu4.22"},{"binary_name":"php5-curl","binary_version":"5.5.9+dfsg-1ubuntu4.22"},{"binary_name":"php5-enchant","binary_version":"5.5.9+dfsg-1ubuntu4.22"},{"binary_name":"php5-fpm","binary_version":"5.5.9+dfsg-1ubuntu4.22"},{"binary_name":"php5-gd","binary_version":"5.5.9+dfsg-1ubuntu4.22"},{"binary_name":"php5-gmp","binary_version":"5.5.9+dfsg-1ubuntu4.22"},{"binary_name":"php5-intl","binary_version":"5.5.9+dfsg-1ubuntu4.22"},{"binary_name":"php5-ldap","binary_version":"5.5.9+dfsg-1ubuntu4.22"},{"binary_name":"php5-mysql","binary_version":"5.5.9+dfsg-1ubuntu4.22"},{"binary_name":"php5-mysqlnd","binary_version":"5.5.9+dfsg-1ubuntu4.22"},{"binary_name":"php5-odbc","binary_version":"5.5.9+dfsg-1ubuntu4.22"},{"binary_name":"php5-pgsql","binary_version":"5.5.9+dfsg-1ubuntu4.22"},{"binary_name":"php5-pspell","binary_version":"5.5.9+dfsg-1ubuntu4.22"},{"binary_name":"php5-readline","binary_version":"5.5.9+dfsg-1ubuntu4.22"},{"binary_name":"php5-recode","binary_version":"5.5.9+dfsg-1ubuntu4.22"},{"binary_name":"php5-snmp","binary_version":"5.5.9+dfsg-1ubuntu4.22"},{"binary_name":"php5-sqlite","binary_version":"5.5.9+dfsg-1ubuntu4.22"},{"binary_name":"php5-sybase","binary_version":"5.5.9+dfsg-1ubuntu4.22"},{"binary_name":"php5-tidy","binary_version":"5.5.9+dfsg-1ubuntu4.22"},{"binary_name":"php5-xmlrpc","binary_version":"5.5.9+dfsg-1ubuntu4.22"},{"binary_name":"php5-xsl","binary_version":"5.5.9+dfsg-1ubuntu4.22"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:14.04:LTS","cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2015-8994"},{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2016-10397"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2017-9224"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2017-9226"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2017-9227"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2017-9228"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2017-9229"},{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2017-11143"},{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2017-11144"},{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2017-11145"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2017-11147"},{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2017-11362"},{"severity":[{"score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2017-11628"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3382-1.json"}},{"package":{"name":"php7.0","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/php7.0@7.0.22-0ubuntu0.16.04.1?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.0.22-0ubuntu0.16.04.1"}]}],"versions":["7.0.1-5","7.0.1-6","7.0.2-1","7.0.2-3","7.0.2-4","7.0.2-5","7.0.3-2","7.0.3-3","7.0.3-9ubuntu1","7.0.4-5ubuntu1","7.0.4-5ubuntu2","7.0.4-7ubuntu1","7.0.4-7ubuntu2","7.0.4-7ubuntu2.1","7.0.8-0ubuntu0.16.04.1","7.0.8-0ubuntu0.16.04.2","7.0.8-0ubuntu0.16.04.3","7.0.13-0ubuntu0.16.04.1","7.0.15-0ubuntu0.16.04.1","7.0.15-0ubuntu0.16.04.2","7.0.15-0ubuntu0.16.04.4","7.0.18-0ubuntu0.16.04.1"],"ecosystem_specific":{"binaries":[{"binary_name":"libapache2-mod-php7.0","binary_version":"7.0.22-0ubuntu0.16.04.1"},{"binary_name":"libphp7.0-embed","binary_version":"7.0.22-0ubuntu0.16.04.1"},{"binary_name":"php7.0","binary_version":"7.0.22-0ubuntu0.16.04.1"},{"binary_name":"php7.0-bcmath","binary_version":"7.0.22-0ubuntu0.16.04.1"},{"binary_name":"php7.0-bz2","binary_version":"7.0.22-0ubuntu0.16.04.1"},{"binary_name":"php7.0-cgi","binary_version":"7.0.22-0ubuntu0.16.04.1"},{"binary_name":"php7.0-cli","binary_version":"7.0.22-0ubuntu0.16.04.1"},{"binary_name":"php7.0-common","binary_version":"7.0.22-0ubuntu0.16.04.1"},{"binary_name":"php7.0-curl","binary_version":"7.0.22-0ubuntu0.16.04.1"},{"binary_name":"php7.0-dba","binary_version":"7.0.22-0ubuntu0.16.04.1"},{"binary_name":"php7.0-enchant","binary_version":"7.0.22-0ubuntu0.16.04.1"},{"binary_name":"php7.0-fpm","binary_version":"7.0.22-0ubuntu0.16.04.1"},{"binary_name":"php7.0-gd","binary_version":"7.0.22-0ubuntu0.16.04.1"},{"binary_name":"php7.0-gmp","binary_version":"7.0.22-0ubuntu0.16.04.1"},{"binary_name":"php7.0-imap","binary_version":"7.0.22-0ubuntu0.16.04.1"},{"binary_name":"php7.0-interbase","binary_version":"7.0.22-0ubuntu0.16.04.1"},{"binary_name":"php7.0-intl","binary_version":"7.0.22-0ubuntu0.16.04.1"},{"binary_name":"php7.0-json","binary_version":"7.0.22-0ubuntu0.16.04.1"},{"binary_name":"php7.0-ldap","binary_version":"7.0.22-0ubuntu0.16.04.1"},{"binary_name":"php7.0-mbstring","binary_version":"7.0.22-0ubuntu0.16.04.1"},{"binary_name":"php7.0-mcrypt","binary_version":"7.0.22-0ubuntu0.16.04.1"},{"binary_name":"php7.0-mysql","binary_version":"7.0.22-0ubuntu0.16.04.1"},{"binary_name":"php7.0-odbc","binary_version":"7.0.22-0ubuntu0.16.04.1"},{"binary_name":"php7.0-opcache","binary_version":"7.0.22-0ubuntu0.16.04.1"},{"binary_name":"php7.0-pgsql","binary_version":"7.0.22-0ubuntu0.16.04.1"},{"binary_name":"php7.0-phpdbg","binary_version":"7.0.22-0ubuntu0.16.04.1"},{"binary_name":"php7.0-pspell","binary_version":"7.0.22-0ubuntu0.16.04.1"},{"binary_name":"php7.0-readline","binary_version":"7.0.22-0ubuntu0.16.04.1"},{"binary_name":"php7.0-recode","binary_version":"7.0.22-0ubuntu0.16.04.1"},{"binary_name":"php7.0-snmp","binary_version":"7.0.22-0ubuntu0.16.04.1"},{"binary_name":"php7.0-soap","binary_version":"7.0.22-0ubuntu0.16.04.1"},{"binary_name":"php7.0-sqlite3","binary_version":"7.0.22-0ubuntu0.16.04.1"},{"binary_name":"php7.0-sybase","binary_version":"7.0.22-0ubuntu0.16.04.1"},{"binary_name":"php7.0-tidy","binary_version":"7.0.22-0ubuntu0.16.04.1"},{"binary_name":"php7.0-xml","binary_version":"7.0.22-0ubuntu0.16.04.1"},{"binary_name":"php7.0-xmlrpc","binary_version":"7.0.22-0ubuntu0.16.04.1"},{"binary_name":"php7.0-xsl","binary_version":"7.0.22-0ubuntu0.16.04.1"},{"binary_name":"php7.0-zip","binary_version":"7.0.22-0ubuntu0.16.04.1"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:16.04:LTS","cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2017-9224"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2017-9226"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2017-9227"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2017-9228"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2017-9229"},{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2017-11144"},{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2017-11145"},{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2017-11362"},{"severity":[{"score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2017-11628"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3382-1.json"}}],"schema_version":"1.7.5"}