Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 584
Alerts This Week
Warning Icon 1 584

Ubuntu 11.04: USN-1126-2 Moderate: PHP Regressions and Updates

ubuntu
Calendar Grey May 5, 2011
Scroller Ubuntu
Attention Ubuntu users: Recent PHP regressions may compromise security on versions 18.04, 20.04, and 22.04 LTS. Upgrade urgently and verify settings
USN 1126-1 introduced two regressions in PHP.

Summary

USN 1126-1 introduced two regressions in PHP.

Software Description:

- php5: HTML-embedded scripting language interpreter

Details:

USN 1126-1 fixed several vulnerabilities in PHP. The fix for

CVE-2010-4697 introduced an incorrect reference counting regression

in the Zend engine that caused the PHP interpreter to segfault. This

regression affects Ubuntu 6.06 LTS and Ubuntu 8.04 LTS.

The fixes for CVE-2011-1072 and CVE-2011-1144 introduced a regression

in the PEAR installer that prevented it from creating its cache

directory and reporting errors correctly.

We apologize for the inconvenience.

Original advisory details:

Stephane Chazelas discovered that the /etc/cron.d/php5 cron job for

PHP 5.3.5 allows local users to delete arbitrary files via a symlink

attack on a directory under /var/lib/php5/. (CVE-2011-0441)

Raphael Geisert and Dan Rosenberg discovered that the PEAR installer

allows local users to overwrite arbitrary files via a symlink attac...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.04:
  libapache2-mod-php5             5.3.5-1ubuntu7.2
  php-pear                        5.3.5-1ubuntu7.2
  php5                            5.3.5-1ubuntu7.2
  php5-cgi                        5.3.5-1ubuntu7.2
  php5-cli                        5.3.5-1ubuntu7.2
  php5-common                     5.3.5-1ubuntu7.2

Ubuntu 10.10:
  libapache2-mod-php5             5.3.3-1ubuntu9.5
  php-pear                        5.3.3-1ubuntu9.5
  php5                            5.3.3-1ubuntu9.5
  php5-cgi                        5.3.3-1ubuntu9.5
  php5-cli                        5.3.3-1ubuntu9.5
  php5-common                     5.3.3-1ubuntu9.5

Ubuntu 10.04 LTS:
  libapache2-mod-php5             5.3.2-1ubuntu4.9
  php-pear                        5.3.2-1ubuntu4.9
  php5                            5.3.2-1ubuntu4.9
  php5-cgi                        5.3.2-1ubuntu4.9
  php5-cli                        5.3.2-1ubuntu4.9
  php5-common                     5.3.2-1ubuntu4.9

Ubuntu 9.10:
  libapache2-mod-php5             5.2.10.dfsg.1-2ubuntu6.10
  php-pear                        5.2.10.dfsg.1-2ubuntu6.10
  php5                            5.2.10.dfsg.1-2ubuntu6.10
  php5-cgi                        5.2.10.dfsg.1-2ubuntu6.10
  php5-cli                        5.2.10.dfsg.1-2ubuntu6.10
  php5-common                     5.2.10.dfsg.1-2ubuntu6.10

Ubuntu 8.04 LTS:
  libapache2-mod-php5             5.2.4-2ubuntu5.17
  php-pear                        5.2.4-2ubuntu5.17
  php5                            5.2.4-2ubuntu5.17
  php5-cgi                        5.2.4-2ubuntu5.17
  php5-cli                        5.2.4-2ubuntu5.17
  php5-common                     5.2.4-2ubuntu5.17

Ubuntu 6.06 LTS:
  libapache2-mod-php5             5.1.2-1ubuntu3.24
  php-pear                        5.1.2-1ubuntu3.24
  php5                            5.1.2-1ubuntu3.24
  php5-cgi                        5.1.2-1ubuntu3.24
  php5-cli                        5.1.2-1ubuntu3.24
  php5-common                     5.1.2-1ubuntu3.24

In general, a standard system update will make all the necessary changes.

References

https://bugs.launchpad.net/ubuntu/+source/php5/+bug/774452, https://bugs.launchpad.net/ubuntu/+source/php5/+bug/776642

Severity
important
Lowest
Low
Medium
High
Critical

May 05, 2011

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.