USN-1042-1: PHP vulnerabilities

Releases

• Ubuntu 10.10
• Ubuntu 10.04
• Ubuntu 9.10
• Ubuntu 8.04
• Ubuntu 6.06

Packages

• php5 -

Details

It was discovered that an integer overflow in the XML UTF-8 decoding
code could allow an attacker to bypass cross-site scripting (XSS)
protections. This issue only affected Ubuntu 6.06 LTS, Ubuntu 8.04 LTS,
and Ubuntu 9.10. (CVE-2009-5016)

It was discovered that the XML UTF-8 decoding code did not properly
handle non-shortest form UTF-8 encoding and ill-formed subsequences
in UTF-8 data, which could allow an attacker to bypass cross-site
scripting (XSS) protections. (CVE-2010-3870)

It was discovered that attackers might be able to bypass open_basedir()
restrictions by passing a specially crafted filename. (CVE-2010-3436)

Maksymilian Arciemowicz discovered that a NULL pointer derefence in the
ZIP archive handling code could allow an attacker to cause a denial
of service through a specially crafted ZIP archive. This issue only
affected Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, and Ubuntu
10.10. (CVE-2010-3709)

It was discovered that a stack consumption vulnerability in the
filter_var() PHP function when in FILTER_VALIDATE_EMAIL mode, could
allow a remote attacker to cause a denial of service. This issue
only affected Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, and
Ubuntu 10.10. (CVE-2010-3710)

It was discovered that the mb_strcut function in the Libmbfl
library within PHP could allow an attacker to read arbitrary memory
within the application process. This issue only affected Ubuntu
10.10. (CVE-2010-4156)

Maksymilian Arciemowicz discovered that an integer overflow in the
NumberFormatter::getSymbol function could allow an attacker to cause
a denial of service. This issue only affected Ubuntu 10.04 LTS and
Ubuntu 10.10. (CVE-2010-4409)

Rick Regan discovered that when handing PHP textual representations
of the largest subnormal double-precision floating-point number,
the zend_strtod function could go into an infinite loop on 32bit
x86 processors, allowing an attacker to cause a denial of service.
(CVE-2010-4645)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 9.10

• php5-cli - 5.2.10.dfsg.1-2ubuntu6.6
• php5-cgi - 5.2.10.dfsg.1-2ubuntu6.6
• libapache2-mod-php5 - 5.2.10.dfsg.1-2ubuntu6.6

Ubuntu 8.04

• php5-cli - 5.2.4-2ubuntu5.13
• php5-cgi - 5.2.4-2ubuntu5.13
• libapache2-mod-php5 - 5.2.4-2ubuntu5.13

Ubuntu 6.06

• php5-cli - 5.1.2-1ubuntu3.20
• php5-cgi - 5.1.2-1ubuntu3.20
• libapache2-mod-php5 - 5.1.2-1ubuntu3.20

Ubuntu 10.10

• php5-cli - 5.3.3-1ubuntu9.2
• php5-cgi - 5.3.3-1ubuntu9.2
• libapache2-mod-php5 - 5.3.3-1ubuntu9.2

Ubuntu 10.04

• php5-cli - 5.3.2-1ubuntu4.6
• php5-cgi - 5.3.2-1ubuntu4.6
• libapache2-mod-php5 - 5.3.2-1ubuntu4.6

In general, a standard system update will make all the necessary changes.

References

• CVE-2010-4409
• CVE-2009-5016
• CVE-2010-4156
• CVE-2010-4645
• CVE-2010-3870
• CVE-2010-3709
• CVE-2010-3710
• CVE-2010-3436