SB2018071917 - Resource exhaustion in php7 (Alpine package)
Published: July 19, 2018
Security Bulletin ID: SB2018071917
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Denial of service
Description
This security bulletin contains information about 1 security vulnerability.
1) Resource exhaustion (CVE-ID: CVE-2015-9253)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists in the php-fpm master process due to improper processing of crafted PHP scripts. A remote attacker can send a specially crafted PHP script, trigger the php-fpm master process to restart a child process and cause the php-fpm master process to consume all available CPU resources and excessive amounts of disk space, which results in denial of service.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=583c0d55e9e7208425dd53eb1739a7010b6b0dbc
- https://git.alpinelinux.org/aports/commit/?id=7c1daf27a04307093cef0fcb3f1c5ab4bb68eee1
- https://git.alpinelinux.org/aports/commit/?id=797bba4604043977849b0c0cf0b2ef7b21b1ea8c
- https://git.alpinelinux.org/aports/commit/?id=38460e57f1f299ba2454aa7869c699f1ab333ca1
- https://git.alpinelinux.org/aports/commit/?id=e926d392a07679544bce3f4b6c80437ce08b92b5
- https://git.alpinelinux.org/aports/commit/?id=736eba37f03f8a66f0c893cd64eb88e4bf229119