
Package "php5"

Name: php5

Description:

server-side, HTML-embedded scripting language (metapackage)
This package is a metapackage that, when installed, guarantees that you
have at least one of the four server-side versions of the PHP5 interpreter
installed. Removing this package won't remove PHP5 from your system, however
it may remove other packages that depend on this one.

PHP5 is a widely-used general-purpose scripting language that is
especially suited for Web development and can be embedded into HTML.
The goal of the language is to allow web developers to write
dynamically generated pages quickly. This version of PHP5 was built
with the Suhosin patch.

Latest version: 5.3.5-1ubuntu7.8
Release: natty (11.04)
Level: updates
Repository: main
Homepage: http://www.php.net/

Links

Save this URL for the latest version of "php5": http://www.ubuntuupdates.org/php5


Other versions of "php5" in Natty

Repository                  Area      Version
base                        main      5.3.5-1ubuntu7
base                        universe  5.3.5-1ubuntu7
security                    main      5.3.5-1ubuntu7.8
security                    universe  5.3.5-1ubuntu7.8
updates                     universe  5.3.5-1ubuntu7.8
PPA: nathan-renniewaldock   ppa       5.4.0-1build1~ppa1~natty

Packages in group


libapache2-mod-php5 php-pear php5-cgi php5-cli php5-common
php5-curl php5-dbg php5-dev php5-gd php5-gmp
php5-ldap php5-mysql php5-odbc php5-pgsql php5-pspell
php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc
php5-xsl

Change Log

Version: 5.3.5-1ubuntu7.8 2012-05-04 15:08:45 UTC
No changelog available yet.

Version: 5.3.5-1ubuntu7.7 2012-02-13 19:04:28 UTC

php5 (5.3.5-1ubuntu7.7) natty-security; urgency=low

  * debian/patches/php5-CVE-2012-0831-regression.patch: fix
    magic_quotes_gpc ini setting regression introduced by patch for
    CVE-2012-0831. Thanks to Ondřej Surý for the patch. (LP: #930115)

 -- Steve Beattie Fri, 10 Feb 2012 14:58:23 -0800

930115 php5 5.3.2-1ubuntu4.13 introduced regression in magic_quotes_gpc
CVE-2012-0831 RESERVED

Version: 5.3.5-1ubuntu7.6 2012-02-10 00:04:07 UTC

php5 (5.3.5-1ubuntu7.6) natty-security; urgency=low

  * SECURITY UPDATE: memory allocation failure denial of service
    - debian/patches/php5-CVE-2011-4153.patch: check result of
      zend_strdup() and calloc() for failed allocations
    - CVE-2011-4153
  * SECURITY UPDATE: predictable hash collision denial of service
    (LP: #910296)
    - debian/patches/php5-CVE-2011-4885.patch: add max_input_vars
      directive with default limit of 1000
    - ATTENTION: this update changes previous php5 behavior by
      limiting the number of external input variables to 1000.
      This may be increased by adding a "max_input_vars"
      directive to the php.ini configuration file. See
      http://www.php.net/manual/en/info.configuration.php#ini.max-input-vars
      for more information.
    - CVE-2011-4885
  * SECURITY UPDATE: remote code execution vulnerability introduced by
    the fix for CVE-2011-4885 (LP: #925772)
    - debian/patches/php5-CVE-2012-0830.patch: return rather than
      continuing if max_input_vars limit is reached
    - CVE-2012-0830
  * SECURITY UPDATE: XSLT arbitrary file overwrite attack
    - debian/patches/php5-CVE-2012-0057.patch: add xsl.security_prefs
      ini option to define forbidden operations within XSLT stylesheets
    - CVE-2012-0057
  * SECURITY UPDATE: PDORow session denial of service
    - debian/patches/php5-CVE-2012-0788.patch: fail gracefully when
      attempting to serialize PDORow instances
    - CVE-2012-0788
  * SECURITY UPDATE: magic_quotes_gpc remote disable vulnerability
    - debian/patches/php5-CVE-2012-0831.patch: always restore
      magic_quotes_gpc on request shutdown
    - CVE-2012-0831

 -- Steve Beattie Wed, 08 Feb 2012 20:58:41 -0800

910296 Please backport the upstream patch to prevent attacks based on hash collisions
925772 UPDATE REQUEST: php53u 5.3.10 is available upstream
CVE-2011-4153 PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL p
CVE-2011-4885 PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote
CVE-2012-0830 The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a lar
CVE-2012-0057 PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files via a crafted XSLT stylesheet that us
CVE-2012-0788 RESERVED
CVE-2012-0831 RESERVED

Version: 5.3.5-1ubuntu7.4 2011-12-14 18:03:15 UTC

php5 (5.3.5-1ubuntu7.4) natty-security; urgency=low

  * SECURITY UPDATE: Denial of service and possible information disclosure
    via exif integer overflow
    - debian/patches/php5-CVE-2011-4566.patch: fix count checks in
      ext/exif/exif.c.
    - CVE-2011-4566

 -- Marc Deslauriers Mon, 12 Dec 2011 15:20:19 -0500

CVE-2011-4566 Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to

Version: 5.3.5-1ubuntu7.3 2011-10-18 00:02:36 UTC

php5 (5.3.5-1ubuntu7.3) natty-security; urgency=low

  [ Angel Abad ]
  * SECURITY UPDATE: File path injection vulnerability in RFC1867 File
    upload filename (LP: #813115)
    - debian/patches/php5-CVE-2011-2202.patch:
    - CVE-2011-2202
  * SECURITY UPDATE: Fixed stack buffer overflow in socket_connect()
    (LP: #813110)
    - debian/patches/php5-CVE-2011-1938.patch:
    - CVE-2011-1938

  [ Steve Beattie ]
  * SECURITY UPDATE: DoS in zip handling due to addGlob() crashing
    on invalid flags
    - debian/patches/php5-CVE-2011-1657.patch: check for valid flags
    - CVE-2011-1657
  * SECURITY UPDATE: crypt_blowfish doesn't properly handle 8-bit
    (non-ascii) passwords leading to a smaller collision space
    - debian/patches/php5-CVE-2011-2483.patch: update crypt_blowfish
      to 1.2 to correct handling of passwords containing 8-bit
      (non-ascii) characters.
    - CVE-2011-2483
  * SECURITY UPDATE: DoS due to failure to check for memory allocation errors
    - debian/patches/php5-CVE-2011-3182.patch: check the return values
      of the malloc, calloc, and realloc functions
    - CVE-2011-3182
  * SECURITY UPDATE: DoS in errorlog() when passed NULL
    - debian/patches/php5-CVE-2011-3267.patch: fix NULL pointer crash in
      errorlog()
    - CVE-2011-3267
  * debian/patches/fix_crash_in__php_mssql_get_column_content_without_type.patch:
    refresh patch to make it cleanly apply.

 -- Steve Beattie Thu, 13 Oct 2011 13:49:23 -0700

813115 CVE-2011-2202
813110 CVE-2011-1938
CVE-2011-2202 The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, whi
CVE-2011-1938 Stack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers
CVE-2011-1657 The (1) ZipArchive::addGlob and (2) ZipArchive::addPattern functions in ext/zip/php_zip.c in PHP 5.3.6 allow context-dependent attackers to cause a de
CVE-2011-2483 openwall blowfish implementation weakness
CVE-2011-3182 PHP before 5.3.7 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows context-dependent attack
CVE-2011-3267 PHP before 5.3.7 does not properly implement the error_log function, which allows context-dependent attackers to cause a denial of service (applicatio
