Ubuntu 1937-1: PHP vulnerability

    Date 05 Sep 2013
    Posted By LinuxSecurity Advisories
    Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet.
    Ubuntu Security Notice USN-1937-1
    September 05, 2013
    php5 vulnerability
    A security issue affects these releases of Ubuntu and its derivatives:
    - Ubuntu 13.04
    - Ubuntu 12.10
    - Ubuntu 12.04 LTS
    - Ubuntu 10.04 LTS
    Fraudulent security certificates could allow sensitive information to
    be exposed when accessing the Internet.
    Software Description:
    - php5: HTML-embedded scripting language interpreter
    It was discovered that PHP did not properly handle certificates with NULL
    characters in the Subject Alternative Name field. An attacker could exploit
    this to perform a man in the middle attack to view sensitive information or
    alter encrypted communications.
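The failure mode described above, as an added C illustration (not code from PHP or from the Ubuntu notice): it assumes the name is compared as a NUL-terminated C string, and contrasts that with a length-aware check that rejects embedded NUL bytes. The struct, the function names and the sample names are hypothetical and constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for one decoded SAN dNSName: ASN.1 strings carry an
   explicit length and may contain NUL bytes. */
struct san_entry {
    const char *data;
    size_t len;
};

/* Constructed sample names; example.com and attacker.test are placeholders. */
static const char NUL_NAME[]   = "www.example.com\0.attacker.test";
static const char CLEAN_NAME[] = "www.example.com";
static const struct san_entry SAN_NUL   = { NUL_NAME,   sizeof(NUL_NAME) - 1 };
static const struct san_entry SAN_CLEAN = { CLEAN_NAME, sizeof(CLEAN_NAME) - 1 };

/* Flawed: treats the entry as a C string, so the comparison stops at the
   first NUL and never sees the rest of the name. */
static int match_truncating(const struct san_entry *san, const char *host)
{
    return strcmp(san->data, host) == 0;
}

/* Hardened: an entry with an embedded NUL is malformed and never matches;
   otherwise compare the full length. Assumes both sides are lowercased. */
static int match_length_aware(const struct san_entry *san, const char *host)
{
    if (memchr(san->data, '\0', san->len) != NULL)
        return 0;
    return san->len == strlen(host) && memcmp(san->data, host, san->len) == 0;
}

int main(void)
{
    const char *host = "www.example.com";
    printf("NUL entry,   truncating:   %d\n", match_truncating(&SAN_NUL, host));
    printf("NUL entry,   length-aware: %d\n", match_length_aware(&SAN_NUL, host));
    printf("clean entry, length-aware: %d\n", match_length_aware(&SAN_CLEAN, host));
    return 0;
}
```

The truncating comparison accepts the malformed entry as a match for www.example.com, while the length-aware one refuses it and still accepts the clean entry.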
    Update instructions:
    The problem can be corrected by updating your system to the following
    package versions:
    Ubuntu 13.04:
      libapache2-mod-php5             5.4.9-4ubuntu2.3
      php5-cgi                        5.4.9-4ubuntu2.3
      php5-cli                        5.4.9-4ubuntu2.3
    Ubuntu 12.10:
      libapache2-mod-php5             5.4.6-1ubuntu1.4
      php5-cgi                        5.4.6-1ubuntu1.4
      php5-cli                        5.4.6-1ubuntu1.4
    Ubuntu 12.04 LTS:
      libapache2-mod-php5             5.3.10-1ubuntu3.8
      php5-cgi                        5.3.10-1ubuntu3.8
      php5-cli                        5.3.10-1ubuntu3.8
    Ubuntu 10.04 LTS:
      libapache2-mod-php5             5.3.2-1ubuntu4.21
      libapache2-mod-php5filter       5.3.2-1ubuntu4.21
      php5-cgi                        5.3.2-1ubuntu4.21
      php5-cli                        5.3.2-1ubuntu4.21
    In general, a standard system update will make all the necessary changes.
    Package Information:
