=========================================================== Ubuntu Security Notice USN-99-1 March 18, 2005 php4 vulnerabilities CAN-2004-1018, CAN-2004-1063, CAN-2004-1064 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) The following packages are affected: libapache2-mod-php4 php4-cgi The problem can be corrected by upgrading the affected package to version 4:4.3.8-3ubuntu7.5. In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Stefano Di Paola discovered integer overflows in PHP's pack() and unpack() functions. A malicious PHP script could exploit these to break out of safe mode and execute arbitrary code with the privileges of the PHP interpreter. (CAN-2004-1018) Note: The second part of CAN-2004-1018 (buffer overflow in the shmop_write() function) was already fixed in USN-66-1. Stefan Esser discovered two safe mode bypasses which allowed malicious PHP scripts to circumvent path restrictions. This was possible by either using virtual_popen() with a current directory containing shell metacharacters (CAN-2004-1063) or creating a specially crafted directory whose length exceeded the capacity of the realpath() function (CAN-2004-1064). Source archives: http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4_4.3.8-3ubuntu7.5.diff.gz Size/MD5: 613179 4d3220fdf142ea4452d63b5b43a6f4e6 http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4_4.3.8-3ubuntu7.5.dsc Size/MD5: 1624 8f446c2c0955eaea56216d88e36d5497 http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4_4.3.8.orig.tar.gz Size/MD5: 4832570 dd69f8c89281f088eadf4ade3dbd39ee Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-dev_4.3.8-3ubuntu7.5_all.deb Size/MD5: 331892 979ce58b4a015422260867e593519cff http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-pear_4.3.8-3ubuntu7.5_all.deb Size/MD5: 89336 6a2e16d473d1de97d52755a1ddae77df amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/p/php4/libapache2-mod-php4_4.3.8-3ubuntu7.5_amd64.deb Size/MD5: 1688216 e64c541115ecda5eea3c85b0f062d22d http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-cgi_4.3.8-3ubuntu7.5_amd64.deb Size/MD5: 3197308 e3c7a9349bf7a04d0307a83bd920c5c4 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-curl_4.3.8-3ubuntu7.5_amd64.deb Size/MD5: 17286 faa85f567ff400564c117c59b5babe3b http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-domxml_4.3.8-3ubuntu7.5_amd64.deb Size/MD5: 40430 69501c96def30bd38769dcf7fcd6eb27 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-gd_4.3.8-3ubuntu7.5_amd64.deb Size/MD5: 33490 b930a1cebaa93630e3a549075be7b67e http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-ldap_4.3.8-3ubuntu7.5_amd64.deb Size/MD5: 21232 5769905c83001d4d165a2a82a72826ae http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mcal_4.3.8-3ubuntu7.5_amd64.deb Size/MD5: 18406 2b5ffcb4d7a3e02c9b81d99f8bfee6ba http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mhash_4.3.8-3ubuntu7.5_amd64.deb Size/MD5: 7992 10a13e81ceaff20dc4d5efac30e2a486 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mysql_4.3.8-3ubuntu7.5_amd64.deb Size/MD5: 23106 e435d0905882d980bea64b85b84ff014 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-odbc_4.3.8-3ubuntu7.5_amd64.deb Size/MD5: 28322 00f257d6dba08df74350873b6e1709ce http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-recode_4.3.8-3ubuntu7.5_amd64.deb Size/MD5: 7618 bf717cde4c85379c45b7d0518545d5a3 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-snmp_4.3.8-3ubuntu7.5_amd64.deb Size/MD5: 12970 e385f9b9eb1717acac5ccfdccda4c590 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-sybase_4.3.8-3ubuntu7.5_amd64.deb Size/MD5: 21498 7b7bf6fdc33cfdd0c637459aedc49121 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-xslt_4.3.8-3ubuntu7.5_amd64.deb Size/MD5: 17246 fc4bf834225eecee09fe087596beede3 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4_4.3.8-3ubuntu7.5_amd64.deb Size/MD5: 1704376 39926df0c6ebc4839a4c950cdea80e21 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/p/php4/libapache2-mod-php4_4.3.8-3ubuntu7.5_i386.deb Size/MD5: 1630396 1086838fbd5631524e4d1812312a3d24 http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-cgi_4.3.8-3ubuntu7.5_i386.deb Size/MD5: 3043776 3d09d579e2ec489eef002408e5955aa2 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-curl_4.3.8-3ubuntu7.5_i386.deb Size/MD5: 16858 773be934d2f6ccc78633b4d6b5eb8d96 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-domxml_4.3.8-3ubuntu7.5_i386.deb Size/MD5: 35558 5b31c650f982128e3cda90b7feca06da http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-gd_4.3.8-3ubuntu7.5_i386.deb Size/MD5: 31062 98c989bd796931f320aaa948965fddbb http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-ldap_4.3.8-3ubuntu7.5_i386.deb Size/MD5: 19474 95a3bd09fb5dae2a0db345f7cfe93ed4 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mcal_4.3.8-3ubuntu7.5_i386.deb Size/MD5: 17044 7e145ce46f1899ca198cf9013255a0a9 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mhash_4.3.8-3ubuntu7.5_i386.deb Size/MD5: 7738 e9267a6e8414576a87a626536d4babdf http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mysql_4.3.8-3ubuntu7.5_i386.deb Size/MD5: 20904 5b26b94d7d43960126bbf608f32057b5 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-odbc_4.3.8-3ubuntu7.5_i386.deb Size/MD5: 26066 8e1fb222a468ed17514aa555cd46a2f0 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-recode_4.3.8-3ubuntu7.5_i386.deb Size/MD5: 7366 b5ac4f6072f7d64fd01335987cbbda45 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-snmp_4.3.8-3ubuntu7.5_i386.deb Size/MD5: 12318 b9ce2a6d16379822d53447ff18ea8e2f http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-sybase_4.3.8-3ubuntu7.5_i386.deb Size/MD5: 20012 7c36e00fe43456d0417f7b6235483623 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-xslt_4.3.8-3ubuntu7.5_i386.deb Size/MD5: 15876 59b8feac4af347302ed527d36609f369 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4_4.3.8-3ubuntu7.5_i386.deb Size/MD5: 1645060 2c9f34ab1d402b319e069d089ffa7875 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/p/php4/libapache2-mod-php4_4.3.8-3ubuntu7.5_powerpc.deb Size/MD5: 1690268 4c47e5797f742e69dc6839e31b69e181 http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-cgi_4.3.8-3ubuntu7.5_powerpc.deb Size/MD5: 3203256 21585ecca8f9805d3bf4ccbe508ad482 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-curl_4.3.8-3ubuntu7.5_powerpc.deb Size/MD5: 19110 042cda097407ec76232cc8d672f1c1ca http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-domxml_4.3.8-3ubuntu7.5_powerpc.deb Size/MD5: 38282 8f6adf4576340c7b4bd78b46bbcd4167 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-gd_4.3.8-3ubuntu7.5_powerpc.deb Size/MD5: 34008 e9585d3e01afdaa4b7afe64f1e88c1a3 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-ldap_4.3.8-3ubuntu7.5_powerpc.deb Size/MD5: 21474 6ca70e134438cc249eb200d295832116 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mcal_4.3.8-3ubuntu7.5_powerpc.deb Size/MD5: 19304 1905b529e355fc15cca77585627aeaab http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mhash_4.3.8-3ubuntu7.5_powerpc.deb Size/MD5: 9326 70eee9f85d8c8acaddd0659d576eb271 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mysql_4.3.8-3ubuntu7.5_powerpc.deb Size/MD5: 22690 4da53be0826249c7141ac58752ebe45a http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-odbc_4.3.8-3ubuntu7.5_powerpc.deb Size/MD5: 28404 912be09d3247d60e9d83a4bf31009a1e http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-recode_4.3.8-3ubuntu7.5_powerpc.deb Size/MD5: 9008 b1bf15d490ebf266d2ce25f4f7f7a59a http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-snmp_4.3.8-3ubuntu7.5_powerpc.deb Size/MD5: 14326 5f5248d3f08d054aa5d833e3bb06fa25 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-sybase_4.3.8-3ubuntu7.5_powerpc.deb Size/MD5: 22198 79ecda1201c7c9a5ad7d708859f48dca http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-xslt_4.3.8-3ubuntu7.5_powerpc.deb Size/MD5: 18062 8ec53737f729a13487c213d2cf7a62f3 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4_4.3.8-3ubuntu7.5_powerpc.deb Size/MD5: 1707730 cdb0f8872816ad3cacbd48368dec273f
Attachment:
signature.asc
Description: Digital signature