CVE-2011-1938

Bug #813110 reported by Shaun Duncan
This bug affects 2 people
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| php5 (Ubuntu) | Fix Released | Low | Unassigned | |
| Lucid | Fix Released | Low | Steve Beattie | |
| Maverick | Fix Released | Low | Steve Beattie | |
| Natty | Fix Released | Low | Steve Beattie | |
| Oneiric | Fix Released | Low | Unassigned | |

Bug Description

PHP version 5.3.6 (5.3.6-11ubuntu1) contains a security flaw that allows a potential buffer overflow with function socket_connect. Patch should be applied via http://svn.php.net/viewvc?view=revision&revision=311369

visibility: private → public
Changed in php5 (Ubuntu Lucid):
importance: Undecided → Low
status: New → Confirmed
Changed in php5 (Ubuntu Maverick):
importance: Undecided → Low
status: New → Confirmed
Changed in php5 (Ubuntu Natty):
importance: Undecided → Low
status: New → Confirmed
Changed in php5 (Ubuntu Oneiric):
importance: Undecided → Low
status: New → Confirmed
Angel Abad (angelabad) wrote :

Fixed in 5.3.6-13ubuntu1 upload.

Changed in php5 (Ubuntu Oneiric):
status: Confirmed → Fix Released
Angel Abad (angelabad)
Changed in php5 (Ubuntu Lucid):
assignee: nobody → Angel Abad (angelabad)
status: Confirmed → In Progress
Angel Abad (angelabad)
Changed in php5 (Ubuntu Maverick):
assignee: nobody → Angel Abad (angelabad)
status: Confirmed → In Progress
Changed in php5 (Ubuntu Natty):
assignee: nobody → Angel Abad (angelabad)
status: Confirmed → In Progress
Angel Abad (angelabad) wrote :

php5 (5.3.2-1ubuntu4.10) lucid-security; urgency=low

  * SECURITY UPDATE: Fixed stack buffer overflow in socket_connect()
    (LP: #813110)
    - debian/patches/php5-CVE-2011-1938.patch:
    - CVE-2011-1938

 -- Angel Abad <email address hidden> Tue, 20 Sep 2011 23:02:17 +0200

Changed in php5 (Ubuntu Lucid):
assignee: Angel Abad (angelabad) → nobody
status: In Progress → Confirmed
Angel Abad (angelabad) wrote :

php5 (5.3.3-1ubuntu9.6) maverick-security; urgency=low

  * SECURITY UPDATE: Fixed stack buffer overflow in socket_connect()
    (LP: #813110)
    - debian/patches/php5-CVE-2011-1938.patch:
    - CVE-2011-1938

 -- Angel Abad <email address hidden> Tue, 20 Sep 2011 23:14:11 +0200

Changed in php5 (Ubuntu Maverick):
assignee: Angel Abad (angelabad) → nobody
status: In Progress → Confirmed
Angel Abad (angelabad) wrote :

php5 (5.3.5-1ubuntu7.3) natty-security; urgency=low

  * SECURITY UPDATE: Fixed stack buffer overflow in socket_connect()
    (LP: #813110)
    - debian/patches/php5-CVE-2011-1938.patch:
    - CVE-2011-1938

 -- Angel Abad <email address hidden> Tue, 20 Sep 2011 23:22:13 +0200

Changed in php5 (Ubuntu Natty):
assignee: Angel Abad (angelabad) → nobody
status: In Progress → Confirmed
Jamie Strandboge (jdstrand) wrote :

Unsubscribing ubuntu-security-sponsors since Steve is handling this as part of his update.

Changed in php5 (Ubuntu Lucid):
status: Confirmed → In Progress
assignee: nobody → Steve Beattie (sbeattie)
Changed in php5 (Ubuntu Maverick):
status: Confirmed → In Progress
assignee: nobody → Steve Beattie (sbeattie)
Changed in php5 (Ubuntu Natty):
status: Confirmed → In Progress
assignee: nobody → Steve Beattie (sbeattie)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package php5 - 5.3.5-1ubuntu7.3

---------------
php5 (5.3.5-1ubuntu7.3) natty-security; urgency=low

  [ Angel Abad ]
  * SECURITY UPDATE: File path injection vulnerability in RFC1867 File
    upload filename (LP: #813115)
    - debian/patches/php5-CVE-2011-2202.patch:
    - CVE-2011-2202
  * SECURITY UPDATE: Fixed stack buffer overflow in socket_connect()
    (LP: #813110)
    - debian/patches/php5-CVE-2011-1938.patch:
    - CVE-2011-1938

  [ Steve Beattie ]
  * SECURITY UPDATE: DoS in zip handling due to addGlob() crashing
    on invalid flags
    - debian/patches/php5-CVE-2011-1657.patch: check for valid flags
    - CVE-2011-1657
  * SECURITY UPDATE: crypt_blowfish doesn't properly handle 8-bit
    (non-ascii) passwords leading to a smaller collision space
    - debian/patches/php5-CVE-2011-2483.patch: update crypt_blowfish
      to 1.2 to correct handling of passwords containing 8-bit
      (non-ascii) characters.
      CVE-2011-2483
  * SECURITY UPDATE: DoS due to failure to check for memory allocation errors
    - debian/patches/php5-CVE-2011-3182.patch: check the return values
      of the malloc, calloc, and realloc functions
    - CVE-2011-3182
  * SECURITY UPDATE: DoS in errorlog() when passed NULL
    - debian/patches/php5-CVE-2011-3267.patch: fix NULL pointer crash in
      errorlog()
    - CVE-2011-3267
  * debian/patches/fix_crash_in__php_mssql_get_column_content_without_type.patch:
    refresh patch to make it cleanly apply.
 -- Steve Beattie <email address hidden> Thu, 13 Oct 2011 13:49:23 -0700

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package php5 - 5.3.3-1ubuntu9.6

---------------
php5 (5.3.3-1ubuntu9.6) maverick-security; urgency=low

  [ Angel Abad ]
  * SECURITY UPDATE: File path injection vulnerability in RFC1867 File
    upload filename (LP: #813115)
    - debian/patches/php5-CVE-2011-2202.patch:
    - CVE-2011-2202
  * SECURITY UPDATE: Fixed stack buffer overflow in socket_connect()
    (LP: #813110)
    - debian/patches/php5-CVE-2011-1938.patch:
    - CVE-2011-1938

  [ Steve Beattie ]
  * SECURITY UPDATE: DoS in zip handling due to addGlob() crashing
    on invalid flags
    - debian/patches/php5-CVE-2011-1657.patch: check for valid flags
    - CVE-2011-1657
  * SECURITY UPDATE: crypt_blowfish doesn't properly handle 8-bit
    (non-ascii) passwords leading to a smaller collision space
    - debian/patches/php5-CVE-2011-2483.patch: update crypt_blowfish
      to 1.2 to correct handling of passwords containing 8-bit
      (non-ascii) characters.
      CVE-2011-2483
  * SECURITY UPDATE: DoS due to failure to check for memory allocation errors
    - debian/patches/php5-CVE-2011-3182.patch: check the return values
      of the malloc, calloc, and realloc functions
    - CVE-2011-3182
  * SECURITY UPDATE: DoS in errorlog() when passed NULL
    - debian/patches/php5-CVE-2011-3267.patch: fix NULL pointer crash in
      errorlog()
    - CVE-2011-3267
 -- Steve Beattie <email address hidden> Thu, 13 Oct 2011 13:56:23 -0700

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package php5 - 5.3.2-1ubuntu4.10

---------------
php5 (5.3.2-1ubuntu4.10) lucid-security; urgency=low

  [ Angel Abad ]
  * SECURITY UPDATE: File path injection vulnerability in RFC1867 File
    upload filename (LP: #813115)
    - debian/patches/php5-CVE-2011-2202.patch:
    - CVE-2011-2202
  * SECURITY UPDATE: Fixed stack buffer overflow in socket_connect()
    (LP: #813110)
    - debian/patches/php5-CVE-2011-1938.patch:
    - CVE-2011-1938

  [ Steve Beattie ]
  * SECURITY UPDATE: DoS in zip handling due to addGlob() crashing
    on invalid flags
    - debian/patches/php5-CVE-2011-1657.patch: check for valid flags
    - CVE-2011-1657
  * SECURITY UPDATE: crypt_blowfish doesn't properly handle 8-bit
    (non-ascii) passwords leading to a smaller collision space
    - debian/patches/php5-CVE-2011-2483.patch: update crypt_blowfish
      to 1.2 to correct handling of passwords containing 8-bit
      (non-ascii) characters.
      CVE-2011-2483
  * SECURITY UPDATE: DoS due to failure to check for memory allocation errors
    - debian/patches/php5-CVE-2011-3182.patch: check the return values
      of the malloc, calloc, and realloc functions
    - CVE-2011-3182
  * SECURITY UPDATE: DoS in errorlog() when passed NULL
    - debian/patches/php5-CVE-2011-3267.patch: fix NULL pointer crash in
      errorlog()
    - CVE-2011-3267
  * SECURITY UPDATE: information leak via handler interrupt (LP: #852871)
    - debian/patches/php5-CVE-2010-1914.patch: grab references before
      calling zendi_convert_to_long()
    - CVE-2010-1914
 -- Steve Beattie <email address hidden> Fri, 14 Oct 2011 14:24:59 -0700

Changed in php5 (Ubuntu Lucid):
status: In Progress → Fix Released
Changed in php5 (Ubuntu Maverick):
status: In Progress → Fix Released
Changed in php5 (Ubuntu Natty):
status: In Progress → Fix Released
This report contains Public Security information  
Everyone can see this security related information.
