LinuxSecurity.com
Ubuntu: 1231-1: PHP Vulnerabilities
Posted by Benjamin D. Thomas
Several security issues were fixed in PHP.
==========================================================================
Ubuntu Security Notice USN-1231-1
October 18, 2011

php5 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS

Summary:

Several security issues were fixed in PHP.

Software Description:
- php5: HTML-embedded scripting language interpreter

Details:

Mateusz Kocielski, Marek Kroemeke and Filip Palian discovered that a
stack-based buffer overflow existed in the socket_connect function's
handling of long pathnames for AF_UNIX sockets. A remote attacker
might be able to exploit this to execute arbitrary code; however,
the default compiler options for affected releases should reduce
the vulnerability to a denial of service. This issue affected Ubuntu
10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1938)

Krzysztof Kotowicz discovered that the PHP post handler function
does not properly restrict filenames in multipart/form-data POST
requests. This may allow remote attackers to conduct absolute
path traversal attacks and possibly create or overwrite arbitrary
files. This issue affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu
10.10 and Ubuntu 11.04. (CVE-2011-2202)

It was discovered that the crypt function for blowfish does not
properly handle 8-bit characters. This could make it easier for an
attacker to discover a cleartext password containing an 8-bit character
that has a matching blowfish crypt value. This issue affected Ubuntu
10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-2483)

It was discovered that PHP did not properly check the return values of
the malloc(3), calloc(3) and realloc(3) library functions in multiple
locations. This could allow an attacker to cause a denial of service
via a NULL pointer dereference or possibly execute arbitrary code.
This issue affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10
and Ubuntu 11.04. (CVE-2011-3182)

Maksymilian Arciemowicz discovered that PHP did not properly implement
the error_log function. This could allow an attacker to cause a denial
of service via an application crash. This issue affected Ubuntu 10.04
LTS, Ubuntu 10.10, Ubuntu 11.04 and Ubuntu 11.10. (CVE-2011-3267)

Maksymilian Arciemowicz discovered that the ZipArchive functions
addGlob() and addPattern() did not properly check their flag arguments.
This could allow a malicious script author to cause a denial of
service via application crash. This issue affected Ubuntu 10.04 LTS,
Ubuntu 10.10, Ubuntu 11.04 and Ubuntu 11.10. (CVE-2011-1657)

It was discovered that the Zend opcode parser in PHP could be interrupted
while handling the shift-left, shift-right, and bitwise-xor opcodes.
This could allow a malicious script author to expose memory
contents. This issue affected Ubuntu 10.04 LTS. (CVE-2010-1914)

It was discovered that the strrchr function in PHP could be interrupted
by a malicious script, allowing the exposure of memory contents. This
issue affected Ubuntu 8.04 LTS. (CVE-2010-2484)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.10:
  libapache2-mod-php5             5.3.6-13ubuntu3.2
  php5-cgi                        5.3.6-13ubuntu3.2
  php5-cli                        5.3.6-13ubuntu3.2
  php5-common                     5.3.6-13ubuntu3.2

Ubuntu 11.04:
  libapache2-mod-php5             5.3.5-1ubuntu7.3
  php5-cgi                        5.3.5-1ubuntu7.3
  php5-cli                        5.3.5-1ubuntu7.3
  php5-common                     5.3.5-1ubuntu7.3

Ubuntu 10.10:
  libapache2-mod-php5             5.3.3-1ubuntu9.6
  php5-cgi                        5.3.3-1ubuntu9.6
  php5-cli                        5.3.3-1ubuntu9.6
  php5-common                     5.3.3-1ubuntu9.6

Ubuntu 10.04 LTS:
  libapache2-mod-php5             5.3.2-1ubuntu4.10
  php5-cgi                        5.3.2-1ubuntu4.10
  php5-cli                        5.3.2-1ubuntu4.10
  php5-common                     5.3.2-1ubuntu4.10

Ubuntu 8.04 LTS:
  libapache2-mod-php5             5.2.4-2ubuntu5.18
  php5-cgi                        5.2.4-2ubuntu5.18
  php5-cli                        5.2.4-2ubuntu5.18
  php5-common                     5.2.4-2ubuntu5.18

In general, a standard system update will make all the necessary changes.
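
One way to check a host against the fixed versions listed above, as an added example that is not part of the Ubuntu notice: it compares installed versions using Debian version ordering, because plain string comparison would rank 4.9 above 4.10. The function names and the sample dpkg-query output are constructed for illustration.

```python
import re

# Fixed php5 versions per Ubuntu release, copied from the advisory above.
FIXED = {"11.10": "5.3.6-13ubuntu3.2", "11.04": "5.3.5-1ubuntu7.3",
         "10.10": "5.3.3-1ubuntu9.6", "10.04": "5.3.2-1ubuntu4.10",
         "8.04": "5.2.4-2ubuntu5.18"}
PACKAGES = {"libapache2-mod-php5", "php5-cgi", "php5-cli", "php5-common"}

def _order(c):
    # dpkg weights: '~' sorts before end of string, letters before other symbols
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Walk alternating non-digit and digit runs; digit runs compare as integers.
    while a or b:
        na, a = re.match(r"([^0-9]*)(.*)", a).groups()
        nb, b = re.match(r"([^0-9]*)(.*)", b).groups()
        ka, kb = [_order(c) for c in na] + [0], [_order(c) for c in nb] + [0]
        if ka != kb:
            return -1 if ka < kb else 1
        da, a = re.match(r"([0-9]*)(.*)", a).groups()
        db, b = re.match(r"([0-9]*)(.*)", b).groups()
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def _split(v):
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, sep, rev = rest.rpartition("-")
    return (int(epoch), upstream, rev) if sep else (int(epoch), rest, "0")

def deb_cmp(v1, v2):
    """Debian ordering for [epoch:]upstream[-revision]; returns -1, 0 or 1."""
    (e1, u1, r1), (e2, u2, r2) = _split(v1), _split(v2)
    return (e1 > e2) - (e1 < e2) or _cmp_part(u1, u2) or _cmp_part(r1, r2)

def unpatched(release, dpkg_output):
    """Advisory packages installed below the fixed version, mapped to that version."""
    rows = (line.split() for line in dpkg_output.splitlines())
    return {r[0]: r[1] for r in rows
            if len(r) == 2 and r[0] in PACKAGES and deb_cmp(r[1], FIXED[release]) < 0}

# Constructed sample of `dpkg-query -W -f='${Package} ${Version}\n'` on a 10.04 LTS host.
SAMPLE = """php5-cli 5.3.2-1ubuntu4.9
php5-common 5.3.2-1ubuntu4.10
php5-mysql 5.3.2-1ubuntu4.9"""

if __name__ == "__main__":
    print(unpatched("10.04", SAMPLE))
```

Packages outside the four named in the notice (php5-mysql in the sample) are ignored by this check, so it reports only what the advisory itself lists.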

References:
  http://www.ubuntu.com/usn/usn-1231-1
  CVE-2010-1914, CVE-2010-2484, CVE-2011-1657, CVE-2011-1938,
  CVE-2011-2202, CVE-2011-2483, CVE-2011-3182, CVE-2011-3267

Package Information:
  https://launchpad.net/ubuntu/+source/php5/5.3.6-13ubuntu3.2
  https://launchpad.net/ubuntu/+source/php5/5.3.5-1ubuntu7.3
  https://launchpad.net/ubuntu/+source/php5/5.3.3-1ubuntu9.6
  https://launchpad.net/ubuntu/+source/php5/5.3.2-1ubuntu4.10
  https://launchpad.net/ubuntu/+source/php5/5.2.4-2ubuntu5.18


 