USN-105-1: PHP4 vulnerabilities

5 April 2005

php4 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 4.10

Software Description

Details

Two Denial of Service vulnerabilities have been discovered in the getimagesize() function. getimagesize() uses format specific internal functions php_handle_iff() and php_handle_jpeg() which get stuck in infinite loops when certain (invalid) size parameters are read from the image. In web applications that allow users to upload arbitrary image files, a remote attacker could render the server unavailable by uploading specially crafted images.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 4.10
libapache2-mod-php4
php4-cgi

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

References