Packages
- php5 -
Details
Maksymilian Arciemowicz discovered that PHP did not properly handle the
ini_restore function. An attacker could exploit this issue to obtain
random memory contents or to cause the PHP server to crash, resulting in a
denial of service. (CVE-2009-2626)
It was discovered that the htmlspecialchars function did not properly
handle certain character sequences, which could result in browsers becoming
vulnerable to cross-site scripting attacks when processing the output. With
cross-site scripting vulnerabilities, if a user were tricked into viewing
server output during a crafted server request, a remote attacker could
exploit this to modify the contents, or steal confidential data (such as
passwords), within the same domain. (CVE-2009-4142)
Stefan Esser discovered that PHP did not properly handle session data. An
attacker could exploit this issue to bypass...
Maksymilian Arciemowicz discovered that PHP did not properly handle the
ini_restore function. An attacker could exploit this issue to obtain
random memory contents or to cause the PHP server to crash, resulting in a
denial of service. (CVE-2009-2626)
It was discovered that the htmlspecialchars function did not properly
handle certain character sequences, which could result in browsers becoming
vulnerable to cross-site scripting attacks when processing the output. With
cross-site scripting vulnerabilities, if a user were tricked into viewing
server output during a crafted server request, a remote attacker could
exploit this to modify the contents, or steal confidential data (such as
passwords), within the same domain. (CVE-2009-4142)
Stefan Esser discovered that PHP did not properly handle session data. An
attacker could exploit this issue to bypass safe_mode or open_basedir
restrictions. (CVE-2009-4143)
Update instructions
In general, a standard system upgrade is sufficient to effect the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 9.10 karmic | php5-cli – 5.2.10.dfsg.1-2ubuntu6.4 | ||
| php5-cgi – 5.2.10.dfsg.1-2ubuntu6.4 | |||
| 9.04 jaunty | php5-cli – 5.2.6.dfsg.1-3ubuntu4.5 | ||
| php5-cgi – 5.2.6.dfsg.1-3ubuntu4.5 | |||
| 8.10 intrepid | php5-cli – 5.2.6-2ubuntu4.6 | ||
| php5-cgi – 5.2.6-2ubuntu4.6 | |||
| 8.04 hardy | php5-cli – 5.2.4-2ubuntu5.10 | ||
| php5-cgi – 5.2.4-2ubuntu5.10 | |||
| 6.06 dapper | php5-cli – 5.1.2-1ubuntu3.18 | ||
| php5-cgi – 5.1.2-1ubuntu3.18 | |||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.