Explore top 10 tips to secure your open-source projects now. Read More
×
USN 1126-1 introduced two regressions in PHP.
Software Description:
- php5: HTML-embedded scripting language interpreter
Details:
USN 1126-1 fixed several vulnerabilities in PHP. The fix for
CVE-2010-4697 introduced an incorrect reference counting regression
in the Zend engine that caused the PHP interpreter to segfault. This
regression affects Ubuntu 6.06 LTS and Ubuntu 8.04 LTS.
The fixes for CVE-2011-1072 and CVE-2011-1144 introduced a regression
in the PEAR installer that prevented it from creating its cache
directory and reporting errors correctly.
We apologize for the inconvenience.
Original advisory details:
Stephane Chazelas discovered that the /etc/cron.d/php5 cron job for
PHP 5.3.5 allows local users to delete arbitrary files via a symlink
attack on a directory under /var/lib/php5/. (CVE-2011-0441)
Raphael Geisert and Dan Rosenberg discovered that the PEAR installer
allows local users to overwrite arbitrary files via a symlink attac...
The problem can be corrected by updating your system to the following package versions: Ubuntu 11.04: libapache2-mod-php5 5.3.5-1ubuntu7.2 php-pear 5.3.5-1ubuntu7.2 php5 5.3.5-1ubuntu7.2 php5-cgi 5.3.5-1ubuntu7.2 php5-cli 5.3.5-1ubuntu7.2 php5-common 5.3.5-1ubuntu7.2 Ubuntu 10.10: libapache2-mod-php5 5.3.3-1ubuntu9.5 php-pear 5.3.3-1ubuntu9.5 php5 5.3.3-1ubuntu9.5 php5-cgi 5.3.3-1ubuntu9.5 php5-cli 5.3.3-1ubuntu9.5 php5-common 5.3.3-1ubuntu9.5 Ubuntu 10.04 LTS: libapache2-mod-php5 5.3.2-1ubuntu4.9 php-pear 5.3.2-1ubuntu4.9 php5 5.3.2-1ubuntu4.9 php5-cgi 5.3.2-1ubuntu4.9 php5-cli 5.3.2-1ubuntu4.9 php5-common 5.3.2-1ubuntu4.9 Ubuntu 9.10: libapache2-mod-php5 5.2.10.dfsg.1-2ubuntu6.10 php-pear 5.2.10.dfsg.1-2ubuntu6.10 php5 5.2.10.dfsg.1-2ubuntu6.10 php5-cgi 5.2.10.dfsg.1-2ubuntu6.10 php5-cli 5.2.10.dfsg.1-2ubuntu6.10 php5-common 5.2.10.dfsg.1-2ubuntu6.10 Ubuntu 8.04 LTS: libapache2-mod-php5 5.2.4-2ubuntu5.17 php-pear 5.2.4-2ubuntu5.17 php5 5.2.4-2ubuntu5.17 php5-cgi 5.2.4-2ubuntu5.17 php5-cli 5.2.4-2ubuntu5.17 php5-common 5.2.4-2ubuntu5.17 Ubuntu 6.06 LTS: libapache2-mod-php5 5.1.2-1ubuntu3.24 php-pear 5.1.2-1ubuntu3.24 php5 5.1.2-1ubuntu3.24 php5-cgi 5.1.2-1ubuntu3.24 php5-cli 5.1.2-1ubuntu3.24 php5-common 5.1.2-1ubuntu3.24 In general, a standard system update will make all the necessary changes.
https://bugs.launchpad.net/ubuntu/+source/php5/+bug/774452, https://bugs.launchpad.net/ubuntu/+source/php5/+bug/776642
Get the latest Linux and open source security news straight to your inbox.