=========================================================== Ubuntu Security Notice USN-66-2 February 17, 2005 php4 vulnerability http://www.securitytracker.com/alerts/2004/Oct/1011984.html =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) The following packages are affected: libapache2-mod-php4 php4-cgi php4-curl The problem can be corrected by upgrading the affected package to version 4:4.3.8-3ubuntu7.4. In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Ubuntu Security Notice USN-66-1 described a circumvention of the "open_basedir" restriction by using the cURL module. Adam Conrad discovered that the fix from USN-66-1 still allowed to bypass this restriction with certain variants of path specifications. In addition this update fixes the crash of the PHP interpreter if curl_init() was called without parameters. For reference, this is the relevant part of the original advisory: FraMe from kernelpanik.org reported that the cURL module does not respect open_basedir restrictions. As a result, scripts which used cURL to open files with an user-specified path could read arbitrary local files outside of the open_basedir directory. Source archives: http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4_4.3.8-3ubuntu7.4.diff.gz Size/MD5: 611060 76c53132842eb8ece0ec556bee7000cf http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4_4.3.8-3ubuntu7.4.dsc Size/MD5: 1624 e25032760f5ed679add0be6d48527170 http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4_4.3.8.orig.tar.gz Size/MD5: 4832570 dd69f8c89281f088eadf4ade3dbd39ee Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-dev_4.3.8-3ubuntu7.4_all.deb Size/MD5: 331626 ce1e79fb8ecc58f78d233066883f6725 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-pear_4.3.8-3ubuntu7.4_all.deb Size/MD5: 332790 429505efcf671fb1d4da2968226ee4c6 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/p/php4/libapache2-mod-php4_4.3.8-3ubuntu7.4_amd64.deb Size/MD5: 1687480 462c58ddaab48de37ca1039e698c4c8c http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-cgi_4.3.8-3ubuntu7.4_amd64.deb Size/MD5: 3195780 51c1d068f62232af75e63f7e2a3c2230 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-curl_4.3.8-3ubuntu7.4_amd64.deb Size/MD5: 17284 2f63e4d476d65e08233e57f933694ff2 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-domxml_4.3.8-3ubuntu7.4_amd64.deb Size/MD5: 40426 506434df3df05c237fc63da763825c95 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-gd_4.3.8-3ubuntu7.4_amd64.deb Size/MD5: 33486 df79e497971d085a0680b3ddd9a269f1 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-ldap_4.3.8-3ubuntu7.4_amd64.deb Size/MD5: 21228 f2554def1efd2fa45c909a4261162e68 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mcal_4.3.8-3ubuntu7.4_amd64.deb Size/MD5: 18400 e01c3969357a1b4bf152e7ad06bfef40 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mhash_4.3.8-3ubuntu7.4_amd64.deb Size/MD5: 7992 a8817082c98b83b1fb55c214846512b2 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mysql_4.3.8-3ubuntu7.4_amd64.deb Size/MD5: 23102 d0c791b8a5f10a7e9ea87b055a228312 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-odbc_4.3.8-3ubuntu7.4_amd64.deb Size/MD5: 28320 c1e191ce25142c8ed3f7ae5daf4d9b39 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-recode_4.3.8-3ubuntu7.4_amd64.deb Size/MD5: 7612 606949271082345c796d3f9e9c2ec541 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-snmp_4.3.8-3ubuntu7.4_amd64.deb Size/MD5: 12970 3393e20aa9e3d1e3c2cf0bc0359f5806 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-sybase_4.3.8-3ubuntu7.4_amd64.deb Size/MD5: 21494 62868364df45a402a308c252657e60fa http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-xslt_4.3.8-3ubuntu7.4_amd64.deb Size/MD5: 17246 6361e60943f278449acd6d750c56025d http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4_4.3.8-3ubuntu7.4_amd64.deb Size/MD5: 1703470 0e99f41c4ce66dc0e06491ba5295d51b i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/p/php4/libapache2-mod-php4_4.3.8-3ubuntu7.4_i386.deb Size/MD5: 1629902 38955a05f0f084ac684b834cfdc6edc7 http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-cgi_4.3.8-3ubuntu7.4_i386.deb Size/MD5: 3042760 42ffd6b9ca6d0e493f788a02b5b257fb http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-curl_4.3.8-3ubuntu7.4_i386.deb Size/MD5: 16860 77ff98449d50e457bee48e9769d19cd2 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-domxml_4.3.8-3ubuntu7.4_i386.deb Size/MD5: 35552 bddb8b6a234231e8f5d0c163b6a479a5 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-gd_4.3.8-3ubuntu7.4_i386.deb Size/MD5: 31070 dd71ae9453c1205a39e454c1ca532649 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-ldap_4.3.8-3ubuntu7.4_i386.deb Size/MD5: 19478 9184835f69706e26c2cdefdf5b4c9564 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mcal_4.3.8-3ubuntu7.4_i386.deb Size/MD5: 17054 df4db9d3dd5d481f56a7b6484594b26f http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mhash_4.3.8-3ubuntu7.4_i386.deb Size/MD5: 7736 90eb3961904849858ddc8a044c3ce237 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mysql_4.3.8-3ubuntu7.4_i386.deb Size/MD5: 20900 d317c8c39d855aed6b8973be556688be http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-odbc_4.3.8-3ubuntu7.4_i386.deb Size/MD5: 26064 2d6327245d431c74b13e06fdeea80e62 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-recode_4.3.8-3ubuntu7.4_i386.deb Size/MD5: 7370 bc7e541267ec1f44bad50c4dfac5a49a http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-snmp_4.3.8-3ubuntu7.4_i386.deb Size/MD5: 12310 eb1944171d6a299501c0cea2097343a1 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-sybase_4.3.8-3ubuntu7.4_i386.deb Size/MD5: 20000 6e0e22f1f03a6b5ffe3899420276457c http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-xslt_4.3.8-3ubuntu7.4_i386.deb Size/MD5: 15870 54ac4231dcce2d17c68ff502714ad13e http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4_4.3.8-3ubuntu7.4_i386.deb Size/MD5: 1644360 e10c54aeb7a05c1a0c2138efa39d20f9 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/p/php4/libapache2-mod-php4_4.3.8-3ubuntu7.4_powerpc.deb Size/MD5: 1689706 fd463f39564a21417c7019f04d1cfec8 http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-cgi_4.3.8-3ubuntu7.4_powerpc.deb Size/MD5: 3202562 44201779f8f3f774f55d48e32d408b8d http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-curl_4.3.8-3ubuntu7.4_powerpc.deb Size/MD5: 19106 64330e974972871eebe4bcd87279fc4d http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-domxml_4.3.8-3ubuntu7.4_powerpc.deb Size/MD5: 38270 d7042bc5d75870eb2d432e846a2a5441 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-gd_4.3.8-3ubuntu7.4_powerpc.deb Size/MD5: 33998 738571843aab9897a901c6f6f65f98ee http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-ldap_4.3.8-3ubuntu7.4_powerpc.deb Size/MD5: 21468 2d7e4c5c20c5dbdce612ed69ac3fd880 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mcal_4.3.8-3ubuntu7.4_powerpc.deb Size/MD5: 19304 7f1f2acf123d2786989bf99aec13ef83 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mhash_4.3.8-3ubuntu7.4_powerpc.deb Size/MD5: 9314 bfe0398e5c8d468d68e5a01a2aa4cdc4 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mysql_4.3.8-3ubuntu7.4_powerpc.deb Size/MD5: 22682 846114bf787f908a5437948be449d631 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-odbc_4.3.8-3ubuntu7.4_powerpc.deb Size/MD5: 28404 b4bb776334efd838f1b3d7d484cbd519 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-recode_4.3.8-3ubuntu7.4_powerpc.deb Size/MD5: 8998 b7b29936ce086da1785794f41b6589be http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-snmp_4.3.8-3ubuntu7.4_powerpc.deb Size/MD5: 14328 cf8af9f1d5ca318d186faafb7b5ad600 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-sybase_4.3.8-3ubuntu7.4_powerpc.deb Size/MD5: 22186 8acd3167949589f38e2a203a815cd102 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-xslt_4.3.8-3ubuntu7.4_powerpc.deb Size/MD5: 18056 66c7fe1689e4ccfa84de0da867fd43f9 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4_4.3.8-3ubuntu7.4_powerpc.deb Size/MD5: 1707320 35ee359643a7677e0c75a79f00687c6d
Attachment:
signature.asc
Description: Digital signature