1. Ubuntu Security Notices
  2. USN-40-1

USN-40-1: PHP vulnerabilities

Publication date

17 December 2004

Overview

PHP vulnerabilities

Releases

Details

Stefan Esser reported several buffer overflows in PHP’s variable unserializing
handling. These could allow an attacker to execute arbitrary code on the server
with the PHP interpreter’s privileges by sending specially crafted input
strings (form data, cookie values, and similar).

Additionally, Ilia Alshanetsky discovered a buffer overflow in the
exif_read_data() function. Attackers could execute arbitrary code on the server
by sending a JPEG image with a very long “sectionname” value to PHP
applications that support image uploads.

Stefan Esser reported several buffer overflows in PHP’s variable unserializing
handling. These could allow an attacker to execute arbitrary code on the server
with the PHP interpreter’s privileges by sending specially crafted input
strings (form data, cookie values, and similar).

Additionally, Ilia Alshanetsky discovered a buffer overflow in the
exif_read_data() function. Attackers could execute arbitrary code on the server
by sending a JPEG image with a very long “sectionname” value to PHP
applications that support image uploads.

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
4.10 warty php4 – 
libapache2-mod-php4 – 
php4-cgi – 

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›