[ffe] security upgrade to php 5.2.11

Bug #446313 reported by Martin Lindhe on 2009-10-08
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
php5 (Ubuntu)
Wishlist
Unassigned

Bug Description

Binary package hint: php5

Security Enhancements and Fixes in PHP 5.2.11:

    * Fixed certificate validation inside php_openssl_apply_verification_policy. (Ryan Sleevi, Ilia)
    * Fixed sanity check for the color index in imagecolortransparent(). (Pierre)
    * Added missing sanity checks around exif processing. (Ilia)
    * Fixed bug #44683 (popen crashes when an invalid mode is passed). (Pierre)

http://www.php.net/releases/5_2_11.php

php 5.2.11 is already available in debian: http://packages.debian.org/sid/php5

visibility: private → public
Changed in php5 (Ubuntu):
status: New → Confirmed
Chuck Short (zulcss) wrote :

This is not going to happen for karmic since we are releasing next week. The patches will be back ported and the appropriate CVE will be published.

Changed in php5 (Ubuntu):
importance: Undecided → Wishlist
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package php5 - 5.2.10.dfsg.1-2ubuntu6.3

---------------
php5 (5.2.10.dfsg.1-2ubuntu6.3) karmic-security; urgency=low

  * SECURITY UPDATE: certificate spoofing via null-byte certs (LP: #446313)
    - debian/patches/CVE-2009-3291.patch: validate certificate's CN length
      in ext/openssl/openssl.c.
    - CVE-2009-3291
  * SECURITY UPDATE: denial of service via malformed exif images
    (LP: #446313)
    - debian/patches/CVE-2009-3292.patch: check length, return codes, and
      nesting level in ext/exif/exif.c.
    - CVE-2009-3292
  * SECURITY UPDATE: safe_mode bypass via tempam function
    - debian/patches/CVE-2009-3557.patch: check for safe_mode in
      ext/standard/file.c.
    - CVE-2009-3557
  * SECURITY UPDATE: open_basedir restrictions bypass via posix_mkfifo
    - debian/patches/CVE-2009-3558.patch: check for open_basedir in
      ext/posix/posix.c.
    - CVE-2009-3558
  * SECURITY UPDATE: denial of service via large number of files in
    form-data POST request.
    - debian/patches/CVE-2009-4017.patch: introduce new "max_file_uploads"
      directive and enforce in main/main.c, main/rfc1867.c.
    - ATTENTION: this update changes previous php5 behaviour by limiting
      the number of files in a POST request to 50. This may be increased
      by adding a "max_file_uploads" directive to the php.ini configuration
      file.
    - CVE-2009-4017
  * SECURITY UPDATE: safe_mode_protected_env_vars bypass via proc_open()
    - debian/patches/CVE-2009-4018.patch: add safe_mode check in
      ext/standard/proc_open.c
    - CVE-2009-4018
 -- Marc Deslauriers <email address hidden> Thu, 26 Nov 2009 08:27:27 -0500

Changed in php5 (Ubuntu):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers