UbuntuUpdates.org

Package "php5"

Name: php5

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • server-side, HTML-embedded scripting language (apache 2 filter module)
  • Enchant module for php5
  • internationalisation module for php5

Latest version: 5.3.2-1ubuntu4.30
Release: lucid (10.04)
Level: security
Repository: universe

Links

Save this URL for the latest version of "php5": http://www.ubuntuupdates.org/php5



Other versions of "php5" in Lucid

Repository Area Version
base main 5.3.2-1ubuntu4
base universe 5.3.2-1ubuntu4
security main 5.3.2-1ubuntu4.30
updates universe 5.3.2-1ubuntu4.30
updates main 5.3.2-1ubuntu4.30
PPA: nathan-renniewaldock ppa 5.4.26-1~ppa1~lucid

Packages in group

Deleted packages are displayed in grey.

libapache2-mod-php5filter php5-enchant php5-intl

Changelog

Version: 5.3.2-1ubuntu4.25 2014-06-23 13:06:23 UTC

  php5 (5.3.2-1ubuntu4.25) lucid-security; urgency=medium

  * SECURITY UPDATE: denial of service in FileInfo cdf_unpack_summary_info
    - debian/patches/CVE-2014-0237.patch: remove file_printf calls in
      ext/fileinfo/libmagic/cdf.c.
    - CVE-2014-0237
  * SECURITY UPDATE: denial of service in FileInfo cdf_read_property_info
    - debian/patches/CVE-2014-0238.patch: fix infinite loop in
      ext/fileinfo/libmagic/cdf.c.
    - CVE-2014-0238
  * SECURITY UPDATE: code execution via buffer overflow in DNS TXT record
    parsing
    - debian/patches/CVE-2014-4049.patch: check length in
      ext/standard/dns.c.
    - CVE-2014-4049
 -- Marc Deslauriers <email address hidden> Thu, 19 Jun 2014 13:48:46 -0400

Source diff to previous version
CVE-2014-0237 The cdf_unpack_summary_info function in cdf.c in the Fileinfo ...
CVE-2014-0238 The cdf_read_property_info function in cdf.c in the Fileinfo component ...
CVE-2014-4049 Heap-based buffer overflow in the php_parserr function in ...

Version: 5.3.2-1ubuntu4.24 2014-04-07 14:07:08 UTC

  php5 (5.3.2-1ubuntu4.24) lucid-security; urgency=medium

  * SECURITY UPDATE: denial of service in fileinfo via crafted offset in
    PE executable
    - debian/patches/CVE-2014-2270.patch: check bounds in
      ext/fileinfo/libmagic/softmagic.c.
    - CVE-2014-2270
 -- Marc Deslauriers <email address hidden> Thu, 03 Apr 2014 15:23:04 -0400

Source diff to previous version
CVE-2014-2270 softmagic.c in file before 5.17 and libmagic allows context-dependent ...

Version: 5.3.2-1ubuntu4.23 2014-03-03 19:07:07 UTC

  php5 (5.3.2-1ubuntu4.23) lucid-security; urgency=medium

  * SECURITY UPDATE: denial of service via crafted indirect offset value
    in fileinfo
    - debian/patches/CVE-2013-1943.patch: properly handle recursion in
      ext/fileinfo/libmagic/{ascmagic.c,file.h,funcs.c,softmagic.c}, added
      test to ext/fileinfo/tests/cve-2014-1943.phpt.
    - CVE-2013-1943
 -- Marc Deslauriers <email address hidden> Fri, 28 Feb 2014 17:40:15 -0500

Source diff to previous version
CVE-2013-1943 The KVM subsystem in the Linux kernel before 3.0 does not check ...

Version: 5.3.2-1ubuntu4.22 2013-12-12 17:06:52 UTC

  php5 (5.3.2-1ubuntu4.22) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    malicious certificate
    - debian/patches/CVE-2013-6420.patch: properly validate timestr in
      ext/openssl/openssl.c, added ext/openssl/tests/cve-2013-6420.*.
    - CVE-2013-6420
  * SECURITY UPDATE: denial of service via crafted interval specification
    - debian/patches/CVE-2013-6712.patch: check error_count in
      ext/date/lib/parse_iso_intervals.*.
    - CVE-2013-6712
 -- Marc Deslauriers <email address hidden> Wed, 11 Dec 2013 19:23:24 -0500

Source diff to previous version
CVE-2013-6420 php: memory corruption in openssl_x509_parse()
CVE-2013-6712 The scan function in ext/date/lib/parse_iso_intervals.c in PHP through ...

Version: 5.3.2-1ubuntu4.21 2013-09-05 19:08:27 UTC

  php5 (5.3.2-1ubuntu4.21) lucid-security; urgency=low

  * SECURITY UPDATE: SSL cert validation spoofing via NULL character in
    subjectAltName.
    - debian/patches/CVE-2013-4248.patch: validate subjectAltName in
      ext/openssl/openssl.c, added test to ext/openssl/tests/cve2013_4073*.
    - CVE-2013-4248
 -- Marc Deslauriers <email address hidden> Wed, 04 Sep 2013 12:56:49 -0400

CVE-2013-4248 The openssl_x509_parse function in openssl.c in the OpenSSL module in ...



About   -   Send Feedback to @ubuntu_updates