About Ubuntu

=========================================================== Ubuntu Security Notice USN-66-2 February 17, 2005 php4 vulnerability http://www.securitytracker.com/alerts/2004/Oct/1011984.html =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) The following packages are affected: libapache2-mod-php4 php4-cgi php4-curl The problem can be corrected by upgrading the affected package to version 4:4.3.8-3ubuntu7.4. In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Ubuntu Security Notice USN-66-1 described a circumvention of the "open_basedir" restriction by using the cURL module. Adam Conrad discovered that the fix from USN-66-1 still allowed to bypass this restriction with certain variants of path specifications. In addition this update fixes the crash of the PHP interpreter if curl_init() was called without parameters. For reference, this is the relevant part of the original advisory: FraMe from kernelpanik.org reported that the cURL module does not respect open_basedir restrictions. As a result, scripts which used cURL to open files with an user-specified path could read arbitrary local files outside of the open_basedir directory.