USN-1042-1: PHP vulnerabilities

11 January 2011

php5 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 10.10
  • Ubuntu 10.04 LTS
  • Ubuntu 9.10
  • Ubuntu 8.04 LTS
  • Ubuntu 6.06 LTS

Summary

Software Description

  • php5

Details

It was discovered that an integer overflow in the XML UTF-8 decoding code could allow an attacker to bypass cross-site scripting (XSS) protections. This issue only affected Ubuntu 6.06 LTS, Ubuntu 8.04 LTS, and Ubuntu 9.10. (CVE-2009-5016)

It was discovered that the XML UTF-8 decoding code did not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which could allow an attacker to bypass cross-site scripting (XSS) protections. (CVE-2010-3870)

It was discovered that attackers might be able to bypass open_basedir() restrictions by passing a specially crafted filename. (CVE-2010-3436)

Maksymilian Arciemowicz discovered that a NULL pointer derefence in the ZIP archive handling code could allow an attacker to cause a denial of service through a specially crafted ZIP archive. This issue only affected Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, and Ubuntu 10.10. (CVE-2010-3709)

It was discovered that a stack consumption vulnerability in the filter_var() PHP function when in FILTER_VALIDATE_EMAIL mode, could allow a remote attacker to cause a denial of service. This issue only affected Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, and Ubuntu 10.10. (CVE-2010-3710)

It was discovered that the mb_strcut function in the Libmbfl library within PHP could allow an attacker to read arbitrary memory within the application process. This issue only affected Ubuntu 10.10. (CVE-2010-4156)

Maksymilian Arciemowicz discovered that an integer overflow in the NumberFormatter::getSymbol function could allow an attacker to cause a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 10.10. (CVE-2010-4409)

Rick Regan discovered that when handing PHP textual representations of the largest subnormal double-precision floating-point number, the zend_strtod function could go into an infinite loop on 32bit x86 processors, allowing an attacker to cause a denial of service. (CVE-2010-4645)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 10.10
libapache2-mod-php5 - 5.3.3-1ubuntu9.2
php5-cgi - 5.3.3-1ubuntu9.2
php5-cli - 5.3.3-1ubuntu9.2
Ubuntu 10.04 LTS
libapache2-mod-php5 - 5.3.2-1ubuntu4.6
php5-cgi - 5.3.2-1ubuntu4.6
php5-cli - 5.3.2-1ubuntu4.6
Ubuntu 9.10
libapache2-mod-php5 - 5.2.10.dfsg.1-2ubuntu6.6
php5-cgi - 5.2.10.dfsg.1-2ubuntu6.6
php5-cli - 5.2.10.dfsg.1-2ubuntu6.6
Ubuntu 8.04 LTS
libapache2-mod-php5 - 5.2.4-2ubuntu5.13
php5-cgi - 5.2.4-2ubuntu5.13
php5-cli - 5.2.4-2ubuntu5.13
Ubuntu 6.06 LTS
libapache2-mod-php5 - 5.1.2-1ubuntu3.20
php5-cgi - 5.1.2-1ubuntu3.20
php5-cli - 5.1.2-1ubuntu3.20

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References