All Ubuntu package versions


AllTrustySaucyRaringPreciseLucidAll PPAs
DashboardRecent Search QueriesSearch Statistics
Alphabetical listSearchBugs
CommentsResqueStathatMemoryTracker

Package "php5"

Name: php5

Description:

server-side, HTML-embedded scripting language (metapackage)
This package is a metapackage that, when installed, guarantees that you
have at least one of the three server-side versions of the PHP5 interpreter
installed. Removing this package won't remove PHP5 from your system, however
it may remove other packages that depend on this one.

PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed
from C, Java and Perl with a couple of unique PHP-specific features thrown
in. The goal of the language is to allow web developers to write dynamically
generated pages quickly. This version of PHP5 was built with the Suhosin patch.

Latest version: 5.3.2-1ubuntu4.26
Release: lucid (10.04)
Level: updates
Repository: main
Homepage: http://www.php.net/

Links

Save this URL for the latest version of "php5": http://www.ubuntuupdates.org/php5

All versions of this package Bug fixes
List of files in package Repository home page for package

Download "php5"

All arch deb package APT INSTALL

Other versions of "php5" in Lucid

RepositoryAreaVersion
base universe 5.3.2-1ubuntu4
base main 5.3.2-1ubuntu4
security main 5.3.2-1ubuntu4.26
security universe 5.3.2-1ubuntu4.26
updates universe 5.3.2-1ubuntu4.26
PPA: nathan-renniewaldock ppa 5.4.26-1~ppa1~lucid

Packages in group

Deleted packages are displayed in grey.

libapache2-mod-php5 php-pear php5-cgi php5-cli php5-common
php5-curl php5-dbg php5-dev php5-gd php5-gmp
php5-ldap php5-mysql php5-odbc php5-pgsql php5-pspell
php5-recode php5-snmp php5-sqlite php5-sybase php5-tidy
php5-xmlrpc php5-xsl

Change Log

Version: 5.3.2-1ubuntu4.26 2014-07-09 18:06:42 UTC

  php5 (5.3.2-1ubuntu4.26) lucid-security; urgency=medium

  * SECURITY UPDATE: denial of service in FileInfo cdf_read_short_sector
    - debian/patches/CVE-2014-0207.patch: properly calculate sizes in
      ext/fileinfo/libmagic/cdf.c.
    - CVE-2014-0207
  * SECURITY UPDATE: denial of service in FileInfo cdf_count_chain
    - debian/patches/CVE-2014-3480.patch: properly calculate sizes in
      ext/fileinfo/libmagic/cdf.c.
    - CVE-2014-3480
  * SECURITY UPDATE: denial of service and possible code execution via
    unserialize() SPL type confusion
    - debian/patches/CVE-2014-3515.patch: properly check types in
      ext/spl/spl_array.c, ext/spl/spl_observer.c, added test to
      ext/spl/tests/SplObjectStorage_unserialize_bad.phpt.
    - CVE-2014-3515
  * SECURITY UPDATE: denial of service via SPL Iterators use-after-free
    - debian/patches/CVE-2014-4670.patch: fix use-after-free in
      ext/spl/spl_dllist.c, added test to ext/spl/tests/bug67538.phpt.
    - CVE-2014-4670
  * SECURITY UPDATE: denial of service via ArrayIterator use-after-free
    - debian/patches/CVE-2014-4698.patch: don't allow modifying ArrayObject
      during sorting in ext/spl/spl_array.c, added test to
      ext/spl/tests/bug67539.phpt.
    - CVE-2014-4698
  * SECURITY UPDATE: information leak via phpinfo (LP: #1338170)
    - debian/patches/CVE-2014-4721.patch: fix type confusion in
      ext/standard/info.c, added test to
      ext/standard/tests/general_functions/bug67498.phpt.
    - CVE-2014-4721
 -- Marc Deslauriers <email address hidden> Tue, 08 Jul 2014 21:22:42 -0400

Source diff to previous version
1338170 PHP 5 infoleak vulnerability leading to potential SSL key disclosure
CVE-2014-0207 cdf_read_short_sector insufficient boundary check
CVE-2014-3480 cdf_count_chain insufficient boundary check
CVE-2014-3515 unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion
CVE-2014-4670 RESERVED
CVE-2014-4698 RESERVED
CVE-2014-4721 The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 ...

Version: 5.3.2-1ubuntu4.25 2014-06-23 14:06:36 UTC

  php5 (5.3.2-1ubuntu4.25) lucid-security; urgency=medium

  * SECURITY UPDATE: denial of service in FileInfo cdf_unpack_summary_info
    - debian/patches/CVE-2014-0237.patch: remove file_printf calls in
      ext/fileinfo/libmagic/cdf.c.
    - CVE-2014-0237
  * SECURITY UPDATE: denial of service in FileInfo cdf_read_property_info
    - debian/patches/CVE-2014-0238.patch: fix infinite loop in
      ext/fileinfo/libmagic/cdf.c.
    - CVE-2014-0238
  * SECURITY UPDATE: code execution via buffer overflow in DNS TXT record
    parsing
    - debian/patches/CVE-2014-4049.patch: check length in
      ext/standard/dns.c.
    - CVE-2014-4049
 -- Marc Deslauriers <email address hidden> Thu, 19 Jun 2014 13:48:46 -0400

Source diff to previous version
CVE-2014-0237 The cdf_unpack_summary_info function in cdf.c in the Fileinfo ...
CVE-2014-0238 The cdf_read_property_info function in cdf.c in the Fileinfo component ...
CVE-2014-4049 Heap-based buffer overflow in the php_parserr function in ...

Version: 5.3.2-1ubuntu4.24 2014-04-07 14:07:07 UTC

  php5 (5.3.2-1ubuntu4.24) lucid-security; urgency=medium

  * SECURITY UPDATE: denial of service in fileinfo via crafted offset in
    PE executable
    - debian/patches/CVE-2014-2270.patch: check bounds in
      ext/fileinfo/libmagic/softmagic.c.
    - CVE-2014-2270
 -- Marc Deslauriers <email address hidden> Thu, 03 Apr 2014 15:23:04 -0400

Source diff to previous version
CVE-2014-2270 softmagic.c in file before 5.17 and libmagic allows context-dependent ...

Version: 5.3.2-1ubuntu4.23 2014-03-03 19:07:01 UTC

  php5 (5.3.2-1ubuntu4.23) lucid-security; urgency=medium

  * SECURITY UPDATE: denial of service via crafted indirect offset value
    in fileinfo
    - debian/patches/CVE-2013-1943.patch: properly handle recursion in
      ext/fileinfo/libmagic/{ascmagic.c,file.h,funcs.c,softmagic.c}, added
      test to ext/fileinfo/tests/cve-2014-1943.phpt.
    - CVE-2013-1943
 -- Marc Deslauriers <email address hidden> Fri, 28 Feb 2014 17:40:15 -0500

Source diff to previous version
CVE-2013-1943 The KVM subsystem in the Linux kernel before 3.0 does not check ...

Version: 5.3.2-1ubuntu4.22 2013-12-12 18:06:57 UTC

  php5 (5.3.2-1ubuntu4.22) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    malicious certificate
    - debian/patches/CVE-2013-6420.patch: properly validate timestr in
      ext/openssl/openssl.c, added ext/openssl/tests/cve-2013-6420.*.
    - CVE-2013-6420
  * SECURITY UPDATE: denial of service via crafted interval specification
    - debian/patches/CVE-2013-6712.patch: check error_count in
      ext/date/lib/parse_iso_intervals.*.
    - CVE-2013-6712
 -- Marc Deslauriers <email address hidden> Wed, 11 Dec 2013 19:23:24 -0500

CVE-2013-6420 php: memory corruption in openssl_x509_parse()
CVE-2013-6712 The scan function in ext/date/lib/parse_iso_intervals.c in PHP through ...



About   -   Changelog   -   Send Feedback