Ubuntu
php5 package

[ffe] security upgrade to php 5.2.11

Bug #446313 reported by Martin Lindhe on 2009-10-08

258

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	php5 (Ubuntu)	Fix Released	Wishlist	Unassigned

Bug Description

Binary package hint: php5

Security Enhancements and Fixes in PHP 5.2.11:

    * Fixed certificate validation inside php_openssl_apply_verification_policy. (Ryan Sleevi, Ilia)
    * Fixed sanity check for the color index in imagecolortransparent(). (Pierre)
    * Added missing sanity checks around exif processing. (Ilia)
    * Fixed bug #44683 (popen crashes when an invalid mode is passed). (Pierre)

http://www.php.net/releases/5_2_11.php

php 5.2.11 is already available in debian: http://packages.debian.org/sid/php5

Related branches

lp:ubuntu/hardy-security/php5

lp:ubuntu/dapper-security/php5

lp:ubuntu/intrepid-security/php5

lp:ubuntu/jaunty-security/php5

lp:ubuntu/karmic-security/php5

CVE References

Jamie Strandboge (jdstrand) on 2009-10-09

visibility:	private → public
Changed in php5 (Ubuntu):
status:	New → Confirmed

Revision history for this message

Chuck Short (zulcss) wrote on 2009-10-22:

This is not going to happen for karmic since we are releasing next week. The patches will be back ported and the appropriate CVE will be published.

Changed in php5 (Ubuntu):
importance:	Undecided → Wishlist

Revision history for this message

Launchpad Janitor (janitor) wrote on 2009-11-26:

This bug was fixed in the package php5 - 5.2.10.dfsg.1-2ubuntu6.3

---------------
php5 (5.2.10.dfsg.1-2ubuntu6.3) karmic-security; urgency=low

  * SECURITY UPDATE: certificate spoofing via null-byte certs (LP: #446313)
    - debian/patches/CVE-2009-3291.patch: validate certificate's CN length
      in ext/openssl/openssl.c.
    - CVE-2009-3291
  * SECURITY UPDATE: denial of service via malformed exif images
    (LP: #446313)
    - debian/patches/CVE-2009-3292.patch: check length, return codes, and
      nesting level in ext/exif/exif.c.
    - CVE-2009-3292
  * SECURITY UPDATE: safe_mode bypass via tempam function
    - debian/patches/CVE-2009-3557.patch: check for safe_mode in
      ext/standard/file.c.
    - CVE-2009-3557
  * SECURITY UPDATE: open_basedir restrictions bypass via posix_mkfifo
    - debian/patches/CVE-2009-3558.patch: check for open_basedir in
      ext/posix/posix.c.
    - CVE-2009-3558
  * SECURITY UPDATE: denial of service via large number of files in
    form-data POST request.
    - debian/patches/CVE-2009-4017.patch: introduce new "max_file_uploads"
      directive and enforce in main/main.c, main/rfc1867.c.
    - ATTENTION: this update changes previous php5 behaviour by limiting
      the number of files in a POST request to 50. This may be increased
      by adding a "max_file_uploads" directive to the php.ini configuration
      file.
    - CVE-2009-4017
  * SECURITY UPDATE: safe_mode_protected_env_vars bypass via proc_open()
    - debian/patches/CVE-2009-4018.patch: add safe_mode check in
      ext/standard/proc_open.c
    - CVE-2009-4018
-- Marc Deslauriers <email address hidden> Thu, 26 Nov 2009 08:27:27 -0500

Changed in php5 (Ubuntu):
status:	Confirmed → Fix Released

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntuphp5 package