Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Security

Flaws in php5 could cause crash or run programs on Ubuntu

Ubuntu has issued a security notice to inform users about flaws in php5 exploitable to crash or run programs if it received specially crafted network traffic. According to the recent Ubuntu Security Notice php5 could be made to crash or run arbitrary code if it received specially crafted network traffic. “Summary -php5 could be made […]

ubuntu CVE-2026-3888

Ubuntu has issued a security notice to inform users about flaws in php5 exploitable to crash or run programs if it received specially crafted network traffic.

According to the recent Ubuntu Security Notice php5 could be made to crash or run arbitrary code if it received specially crafted network traffic.

“Summary -php5 could be made to crash or run programs if it received specially crafted network traffic.” states the advisory.

The Security Notice was issued by for the first time by the vendor on 9th September, 2014 and it was coded as USN-2344-1.

Ubuntu flaw

According to Ubuntu, the security flaw affects the following releases and its derivatives:

  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS
  • Ubuntu 10.04 LTS

According to security notice, the Fileinfo component in php5 contains is affected by an integer overflow that could be exploited by a bad actor to cause a denial of service or to execute arbitrary code via a crafted CDF file. (CVE-2014-3587). The advisory also reports that the php_parserr function contains multiple buffer overflows that could be exploited by an attacker to cause a denial of service or to execute arbitrary code via crafted DNS records. (CVE-2014-3597)

The vulnerabilities have been already fixed and it correct the problem is it necessary to update user’s system to the following package version:

Ubuntu 14.04 LTS:
php5 5.5.9+dfsg-1ubuntu4.4
libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.4
php5-fpm 5.5.9+dfsg-1ubuntu4.4
php5-cgi 5.5.9+dfsg-1ubuntu4.4
Ubuntu 12.04 LTS:
php5 5.3.10-1ubuntu3.14
libapache2-mod-php5 5.3.10-1ubuntu3.14
php5-fpm 5.3.10-1ubuntu3.14
php5-cgi 5.3.10-1ubuntu3.14
Ubuntu 10.04 LTS:
php5 5.3.2-1ubuntu4.27
libapache2-mod-php5 5.3.2-1ubuntu4.27
php5-cgi 5.3.2-1ubuntu4.27

Be aware, once updated the system it is necessary to restart Apache or php5-fpm to make effective the changes.

Pierluigi Paganini

(Security Affairs – Ubuntu, php)