Ubuntu Security Notice USN-1042-1

11th January, 2011

php5 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 10.10
• Ubuntu 10.04 LTS
• Ubuntu 9.10
• Ubuntu 8.04 LTS
• Ubuntu 6.06 LTS

Software description

• php5

Details

It was discovered that an integer overflow in the XML UTF-8 decoding
code could allow an attacker to bypass cross-site scripting (XSS)
protections. This issue only affected Ubuntu 6.06 LTS, Ubuntu 8.04 LTS,
and Ubuntu 9.10. (CVE-2009-5016)

It was discovered that the XML UTF-8 decoding code did not properly
handle non-shortest form UTF-8 encoding and ill-formed subsequences
in UTF-8 data, which could allow an attacker to bypass cross-site
scripting (XSS) protections. (CVE-2010-3870)

It was discovered that attackers might be able to bypass open_basedir()
restrictions by passing a specially crafted filename. (CVE-2010-3436)

Maksymilian Arciemowicz discovered that a NULL pointer derefence in the
ZIP archive handling code could allow an attacker to cause a denial
of service through a specially crafted ZIP archive. This issue only
affected Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, and Ubuntu
10.10. (CVE-2010-3709)

It was discovered that a stack consumption vulnerability in the
filter_var() PHP function when in FILTER_VALIDATE_EMAIL mode, could
allow a remote attacker to cause a denial of service. This issue
only affected Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, and
Ubuntu 10.10. (CVE-2010-3710)

It was discovered that the mb_strcut function in the Libmbfl
library within PHP could allow an attacker to read arbitrary memory
within the application process. This issue only affected Ubuntu
10.10. (CVE-2010-4156)

Maksymilian Arciemowicz discovered that an integer overflow in the
NumberFormatter::getSymbol function could allow an attacker to cause
a denial of service. This issue only affected Ubuntu 10.04 LTS and
Ubuntu 10.10. (CVE-2010-4409)

Rick Regan discovered that when handing PHP textual representations
of the largest subnormal double-precision floating-point number,
the zend_strtod function could go into an infinite loop on 32bit
x86 processors, allowing an attacker to cause a denial of service.
(CVE-2010-4645)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 10.10:

php5-cli 5.3.3-1ubuntu9.2

php5-cgi 5.3.3-1ubuntu9.2

libapache2-mod-php5 5.3.3-1ubuntu9.2

Ubuntu 10.04 LTS:

php5-cli 5.3.2-1ubuntu4.6

php5-cgi 5.3.2-1ubuntu4.6

libapache2-mod-php5 5.3.2-1ubuntu4.6

Ubuntu 9.10:

php5-cli 5.2.10.dfsg.1-2ubuntu6.6

php5-cgi 5.2.10.dfsg.1-2ubuntu6.6

libapache2-mod-php5 5.2.10.dfsg.1-2ubuntu6.6

Ubuntu 8.04 LTS:

php5-cli 5.2.4-2ubuntu5.13

php5-cgi 5.2.4-2ubuntu5.13

libapache2-mod-php5 5.2.4-2ubuntu5.13

Ubuntu 6.06 LTS:

php5-cli 5.1.2-1ubuntu3.20

php5-cgi 5.1.2-1ubuntu3.20

libapache2-mod-php5 5.1.2-1ubuntu3.20

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2009-5016, CVE-2010-3436, CVE-2010-3709, CVE-2010-3710, CVE-2010-3870, CVE-2010-4156, CVE-2010-4409, CVE-2010-4645