USN-261-1: PHP vulnerabilities

10 March 2006

php4, php5 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 5.10
  • Ubuntu 5.04
  • Ubuntu 4.10

Software Description

Details

Stefan Esser discovered that the ‘session’ module did not sufficiently verify the validity of the user-supplied session ID. A remote attacker could exploit this to insert arbitrary HTTP headers into the response sent by the PHP application, which could lead to HTTP Response Splitting (forging of arbitrary responses on behalf the PHP application) and Cross Site Scripting (XSS) (execution of arbitrary web script code in the client’s browser) attacks. (CVE-2006-0207)

PHP applications were also vulnerable to several Cross Site Scripting (XSS) flaws if the options ‘display_errors’ and ‘html_errors’ were enabled. Please note that enabling ‘html_errors’ is not recommended for production systems. (CVE-2006-0208)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 5.10
libapache2-mod-php4
libapache2-mod-php5
Ubuntu 5.04
libapache2-mod-php4
libapache2-mod-php5
Ubuntu 4.10
libapache2-mod-php4
libapache2-mod-php5

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

References