Ubuntu Security Notice USN-105-1
5th April, 2005
php4 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 4.10
Details
Two Denial of Service vulnerabilities have been discovered in the
getimagesize() function. getimagesize() uses format specific internal
functions php_handle_iff() and php_handle_jpeg() which get stuck in
infinite loops when certain (invalid) size parameters are read from
the image. In web applications that allow users to upload arbitrary
image files, a remote attacker could render the server unavailable by
uploading specially crafted images.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 4.10:
- libapache2-mod-php4
- php4-cgi
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
None