All Ubuntu package versions



Package "php5"

Name: php5

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • server-side, HTML-embedded scripting language (apache 2 filter module)
  • Enchant module for php5
  • server-side, HTML-embedded scripting language (FPM-CGI binary)
  • internationalisation module for php5

Latest version: 5.3.5-1ubuntu7.11
Release: natty (11.04)
Level: security
Repository: universe
Homepage: http://www.php.net/

Links

Save this URL for the latest version of "php5": http://www.ubuntuupdates.org/php5


Other versions of "php5" in Natty

Repository                  Area      Version
base                        main      5.3.5-1ubuntu7
base                        universe  5.3.5-1ubuntu7
security                    main      5.3.5-1ubuntu7.11
updates                     main      5.3.5-1ubuntu7.11
updates                     universe  5.3.5-1ubuntu7.11
PPA: nathan-renniewaldock   ppa       5.4.8-1~ppa1~natty

Packages in group

Deleted packages are displayed in grey.

libapache2-mod-php5filter php5-enchant php5-fpm php5-intl php5-sybase

Change Log

Version: 5.3.5-1ubuntu7.4 2011-12-14 17:02:44 UTC

php5 (5.3.5-1ubuntu7.4) natty-security; urgency=low

  * SECURITY UPDATE: Denial of service and possible information disclosure
    via exif integer overflow
    - debian/patches/php5-CVE-2011-4566.patch: fix count checks in
      ext/exif/exif.c.
    - CVE-2011-4566

 -- Marc Deslauriers Mon, 12 Dec 2011 15:20:19 -0500

CVE-2011-4566 Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to

Version: 5.3.5-1ubuntu7.3 2011-10-17 23:02:23 UTC

php5 (5.3.5-1ubuntu7.3) natty-security; urgency=low

  [ Angel Abad ]
  * SECURITY UPDATE: File path injection vulnerability in RFC1867 File
    upload filename (LP: #813115)
    - debian/patches/php5-CVE-2011-2202.patch:
    - CVE-2011-2202
  * SECURITY UPDATE: Fixed stack buffer overflow in socket_connect()
    (LP: #813110)
    - debian/patches/php5-CVE-2011-1938.patch:
    - CVE-2011-1938

  [ Steve Beattie ]
  * SECURITY UPDATE: DoS in zip handling due to addGlob() crashing
    on invalid flags
    - debian/patches/php5-CVE-2011-1657.patch: check for valid flags
    - CVE-2011-1657
  * SECURITY UPDATE: crypt_blowfish doesn't properly handle 8-bit
    (non-ascii) passwords leading to a smaller collision space
    - debian/patches/php5-CVE-2011-2483.patch: update crypt_blowfish
      to 1.2 to correct handling of passwords containing 8-bit
      (non-ascii) characters.
    - CVE-2011-2483
  * SECURITY UPDATE: DoS due to failure to check for memory allocation errors
    - debian/patches/php5-CVE-2011-3182.patch: check the return values
      of the malloc, calloc, and realloc functions
    - CVE-2011-3182
  * SECURITY UPDATE: DoS in errorlog() when passed NULL
    - debian/patches/php5-CVE-2011-3267.patch: fix NULL pointer crash in
      errorlog()
    - CVE-2011-3267
  * debian/patches/fix_crash_in__php_mssql_get_column_content_without_type.patch:
    refresh patch to make it cleanly apply.

 -- Steve Beattie Thu, 13 Oct 2011 13:49:23 -0700

813115 CVE-2011-2202
813110 CVE-2011-1938
CVE-2011-2202 The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, whi
CVE-2011-1938 Stack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers
CVE-2011-1657 The (1) ZipArchive::addGlob and (2) ZipArchive::addPattern functions in ext/zip/php_zip.c in PHP 5.3.6 allow context-dependent attackers to cause a de
CVE-2011-2483 openwall blowfish implementation weakness
CVE-2011-3182 PHP before 5.3.7 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows context-dependent attack
CVE-2011-3267 PHP before 5.3.7 does not properly implement the error_log function, which allows context-dependent attackers to cause a denial of service (applicatio

Version: 5.3.5-1ubuntu7.2 2011-05-04 23:01:54 UTC

php5 (5.3.5-1ubuntu7.2) natty-security; urgency=low

  * debian/patches/php5-pear-CVE-2011-1144-regression.patch: fix
    mkdir parenthesis issue and PEAR::raiseErro typo (LP: #774452)

 -- Steve Beattie Sat, 30 Apr 2011 16:00:39 -0700

774452 php-pear: pecl install reports Call to undefined method PEAR::raiseErro()
CVE-2011-1144 The installer in PEAR 1.9.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (

Version: 5.3.5-1ubuntu7.1 2011-04-29 17:02:28 UTC

php5 (5.3.5-1ubuntu7.1) natty-security; urgency=low

  * SECURITY UPDATE: arbitrary files removal via cronjob
    - debian/php5-common.php5.cron.d: take greater care when removing
      session files.
    - http://git.debian.org/?p=pkg-php%2Fphp.git;a=commitdiff_plain;h=d09fd04ed7bfcf7f008360c6a42025108925df09
    - CVE-2011-0441
  * SECURITY UPDATE: symlink tmp races in pear install
    - debian/patches/php5-pear-CVE-2011-1072.patch: improved
      tempfile handling.
    - debian/rules: apply patch manually after unpacking PEAR phar
      archive.
    - CVE-2011-1072
  * SECURITY UPDATE: more symlink races in pear install
    - debian/patches/php5-pear-CVE-2011-1144.patch: add TOCTOU save
      file handler.
    - debian/rules: apply patch manually after unpacking PEAR phar
      archive.
    - CVE-2011-1144
  * SECURITY UPDATE: denial of service through application crash with
    invalid images
    - debian/patches/php5-CVE-2010-4698.patch: verify anti-aliasing
      steps are either 4 or 16.
    - CVE-2010-4698
  * SECURITY UPDATE: denial of service through application crash
    - debian/patches/php5-CVE-2011-0420.patch: improve grapheme_extract()
      argument validation.
    - CVE-2011-0420
  * SECURITY UPDATE: denial of service through application crash
    - debian/patches/php5-CVE-2011-0421.patch: fail operation gracefully
      when handling zero sized zipfile with the FL_UNCHANGED argument
    - CVE-2011-0421
  * SECURITY UPDATE: denial of service through application crash when
    handling images with invalid exif tags
    - debian/patches/php5-CVE-2011-0708.patch: stricter exif checking
    - CVE-2011-0708
  * SECURITY UPDATE: denial of service and possible data disclosure
    through integer overflow
    - debian/patches/php5-CVE-2011-1092.patch: better boundary
      condition checks in shmop_read()
    - CVE-2011-1092
  * SECURITY UPDATE: use-after-free vulnerability
    - debian/patches/php5-CVE-2011-1148.patch: improve reference
      counting
    - CVE-2011-1148
  * SECURITY UPDATE: format string vulnerability
    - debian/patches/php5-CVE-2011-1153.patch: correctly quote format
      strings
    - CVE-2011-1153
  * SECURITY UPDATE: denial of service through buffer overflow crash
    (code execution mitigated by compilation with Fortify Source)
    - debian/patches/php5-CVE-2011-1464.patch: limit amount of precision
      to ensure fitting within MAX_BUF_SIZE
    - CVE-2011-1464
  * SECURITY UPDATE: denial of service through application crash
    - debian/patches/php5-CVE-2011-1467.patch: check for invalid
      attribute symbols in NumberFormatter::setSymbol()
    - CVE-2011-1467
  * SECURITY UPDATE: denial of service through memory leak
    - debian/patches/php5-CVE-2011-1468.patch: fix memory leak of
      openssl contexts
    - CVE-2011-1468
  * SECURITY UPDATE: denial of service through application crash
    when using HTTP proxy with the FTP wrapper
    - debian/patches/php5-CVE-2011-1469.patch: improve pointer handling
    - CVE-2011-1469
  * SECURITY UPDATE: denial of service through application crash when
    handling ziparchive streams
    - debian/patches/php5-CVE-2011-1470.patch: set necessary elements of
      the meta data structure
    - CVE-2011-1470
  * SECURITY UPDATE: denial of service through application crash when
    handling malformed zip files
    - debian/patches/php5-CVE-2011-1471.patch: correct integer
      signedness error when handling zip_fread() return value.
    - CVE-2011-1471
  * debian/control: replace build-depends on mysql-server with
    mysql-server-core-5.1 and mysql-client-5.1 to avoid upstart and
    mysql-server-5.1 postinst confusion with starting up multiple
    mysqlds listening on the same port.

 -- Steve Beattie Tue, 26 Apr 2011 08:34:26 -0700

CVE-2011-0441 The Debian GNU/Linux /etc/cron.d/php5 cron job for PHP 5.3.5 allows local users to delete arbitrary files via a symlink attack on a directory under /v
CVE-2011-1072 The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) do
CVE-2011-1144 The installer in PEAR 1.9.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (
CVE-2010-4698 Stack-based buffer overflow in the GD extension in PHP before 5.2.15 and 5.3.x before 5.3.4 allows context-dependent attackers to cause a denial of se
CVE-2011-0420 The grapheme_extract function in the Internationalization extension (Intl) for ICU for PHP 5.3.5 allows context-dependent attackers to cause a denial
CVE-2011-0421 The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argume
CVE-2011-0708 exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of se
CVE-2011-1092 Integer overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (crash) and possibly read se
CVE-2011-1148 Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (
CVE-2011-1153 Multiple format string vulnerabilities in phar_object.c in the phar extension in PHP 5.3.5 and earlier allow context-dependent attackers to obtain sen
CVE-2011-1464 Buffer overflow in the strval function in PHP before 5.3.6, when the precision configuration option has a large value, might allow context-dependent a
CVE-2011-1467 Unspecified vulnerability in the NumberFormatter::setSymbol (aka numfmt_set_symbol) function in the Intl extension in PHP before 5.3.6 allows context-
CVE-2011-1468 Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6 might allow remote attackers to cause a denial of service (memory consumption) via
CVE-2011-1469 Unspecified vulnerability in the Streams component in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application cr
CVE-2011-1470 The Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a ziparchive stream that
CVE-2011-1471 Integer signedness error in zip_stream.c in the Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (CPU


