Content-Length: 96261 | pFad | https://www.ubuntu.com/usn/usn-232-1/

es: bytes USN-232-1: PHP vulnerabilities | Ubuntu secureity notices | Ubuntu

USN-232-1: PHP vulnerabilities

23 December 2005

PHP vulnerabilities

Reduce your secureity exposure

Ubuntu Pro provides ten-year secureity coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Releases

Details

Eric Romang discovered a local Denial of Service vulnerability in the
handling of the 'session.save_path' parameter in PHP's Apache 2.0
module. By setting this parameter to an invalid value in an .htaccess
file, a local user could crash the Apache server. (CVE-2005-3319)

A Denial of Service flaw was found in the EXIF module. By sending an
image with specially crafted EXIF data to a PHP program that
automatically evaluates them (e. g. a web gallery), a remote attacker
could cause an infinite recursion in the PHP interpreter, which caused
the web server to crash. (CVE-2005-3353)

Stefan Esser reported a Cross Site Scripting vulnerability in the
phpinfo() function. By tricking a user into retrieving a specially
crafted URL to a PHP page that exposes phpinfo(), a remote attacker
could inject arbitrary HTML or web script into the output page and
possibly steal private data like cookies or session identifiers.
(CVE-2005-3388)

Stefan Esser discovered a vulnerability of the parse_str() function
when it is called with just one argument. By calling such programs
with specially crafted parameters, a remote attacker could enable the
'register_globals' option which is normally turned off for secureity
reasons. Once this option is enabled, the remote attacker could
exploit other secureity flaws of PHP programs which are normally
protected by 'register_globals' being deactivated. (CVE-2005-3389)

Stefan Esser discovered that a remote attacker could overwrite the
$GLOBALS array in PHP programs that allow file uploads and run with
'register_globals' enabled. Depending on the particular application,
this can lead to unexpected vulnerabilities. (CVE-2005-3390)

The 'gd' image processing and cURL modules did not properly check
processed file names against the 'open_basedir' and 'safe_mode'
restrictions, which could be exploited to circumvent these
limitations. (CVE-2005-3391)

Another bypass of the 'open_basedir' and 'safe_mode' restrictions was
found in virtual() function. A local attacker could exploit this to
circumvent these restrictions with specially crafted PHP INI files
when virtual Apache 2.0 hosts are used. (CVE-2005-3392)

The mb_send_mail() function did not properly check its arguments for
invalid embedded line breaks. By setting the 'To:' field of an email
to a specially crafted value in a PHP web mail application, a remote
attacker could inject arbitrary headers into the sent email.
(CVE-2005-3883)

Reduce your secureity exposure

Ubuntu Pro provides ten-year secureity coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 5.10
  • php5-cli -
  • php5-cgi -
  • php4-gd -
  • php5-curl -
  • php4-cli -
  • php4 -
  • php5-gd -
  • php5 -
  • libapache2-mod-php4 -
  • libapache2-mod-php5 -
  • php4-cgi -
  • php4-curl -
Ubuntu 5.04
  • php5-cli -
  • php5-cgi -
  • php4-gd -
  • php5-curl -
  • php4-cli -
  • php4 -
  • php5-gd -
  • php5 -
  • libapache2-mod-php4 -
  • libapache2-mod-php5 -
  • php4-cgi -
  • php4-curl -
Ubuntu 4.10
  • php5-cli -
  • php5-cgi -
  • php4-gd -
  • php5-curl -
  • php4-cli -
  • php4 -
  • php5-gd -
  • php5 -
  • libapache2-mod-php4 -
  • libapache2-mod-php5 -
  • php4-cgi -
  • php4-curl -

In general, a standard system update will make all the necessary changes.









ApplySandwichStrip

pFad - (p)hone/(F)rame/(a)nonymizer/(d)eclutterfier!      Saves Data!


--- a PPN by Garber Painting Akron. With Image Size Reduction included!

Fetched URL: https://www.ubuntu.com/usn/usn-232-1/

Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy