UbuntuUpdates.org

Package "php5"

Name: php5

Description:

server-side, HTML-embedded scripting language (metapackage)

Latest version: 5.3.10-1ubuntu3.19
Release: precise (12.04)
Level: security
Repository: main
Homepage: http://www.php.net/

Links

Save this URL for the latest version of "php5": http://www.ubuntuupdates.org/php5


Download "php5"


Other versions of "php5" in Precise

Repository Area Version
base main 5.3.10-1ubuntu3
base universe 5.3.10-1ubuntu3
security universe 5.3.10-1ubuntu3.19
updates universe 5.3.10-1ubuntu3.19
updates main 5.3.10-1ubuntu3.19
PPA: nathan-renniewaldock ppa 5.4.35-1~ppa1~precise

Packages in group

Deleted packages are displayed in grey.

libapache2-mod-php5 php-pear php5-cgi php5-cli php5-common
php5-curl php5-dbg php5-dev php5-gd php5-gmp
php5-ldap php5-mysql php5-odbc php5-pgsql php5-pspell
php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc
php5-xsl

Changelog

Version: 5.3.10-1ubuntu3.19 2015-07-06 13:07:48 UTC

  php5 (5.3.10-1ubuntu3.19) precise-security; urgency=medium

  * SECURITY UPDATE: missing file path null byte checks
    - debian/patches/CVE-2015-3411.patch: add missing checks to
      ext/dom/document.c, ext/fileinfo/fileinfo.c, ext/gd/gd.c,
      ext/hash/hash.c, ext/pgsql/pgsql.c, ext/standard/streamsfuncs.c,
      ext/xmlwriter/php_xmlwriter.c, ext/zlib/zlib.c, add tests to
      ext/fileinfo/tests/finfo_file_basic.phpt,
      ext/hash/tests/hash_hmac_file_error.phpt,
      backport CHECK_NULL_PATH to Zend/zend_API.h.
    - CVE-2015-3411
    - CVE-2015-3412
  * SECURITY UPDATE: denial of service via crafted tar archive
    - debian/patches/CVE-2015-4021.patch: handle empty strings in
      ext/phar/tar.c.
    - CVE-2015-4021
  * SECURITY UPDATE: arbitrary code execution via ftp server long reply to
    a LIST command
    - debian/patches/CVE-2015-4022.patch: fix overflow in ext/ftp/ftp.c.
    - CVE-2015-4022
  * SECURITY UPDATE: denial of service via crafted form data
    - debian/patches/CVE-2015-4024.patch: use smart_str to assemble strings
      in main/rfc1867.c.
    - CVE-2015-4024
  * SECURITY UPDATE: more missing file path null byte checks
    - debian/patches/CVE-2015-4025.patch: add missing checks to
      ext/pcntl/pcntl.c, ext/standard/dir.c.
    - CVE-2015-4025
    - CVE-2015-4026
  * SECURITY UPDATE: arbitrary code execution via crafted serialized data
    with unexpected data type
    - debian/patches/CVE-2015-4147.patch: check variable types in
      ext/soap/php_encoding.c, ext/soap/php_http.c, ext/soap/soap.c.
    - CVE-2015-4147
    - CVE-2015-4148
    - CVE-2015-4600
    - CVE-2015-4601
  * SECURITY UPDATE: more missing file path null byte checks
    - debian/patches/CVE-2015-4598.patch: add missing checks to
      ext/dom/document.c, ext/gd/gd.c.
    - CVE-2015-4598
  * SECURITY UPDATE: denial of service or information leak via type
    confusion with crafted serialized data
    - debian/patches/CVE-2015-4599.patch: use proper types in
      ext/soap/soap.c.
    - CVE-2015-4599
  * SECURITY UPDATE: denial of service or information leak via type
    confusion with crafted serialized data
    - debian/patches/CVE-2015-4602.patch: check for proper type in
      ext/standard/incomplete_class.c.
    - CVE-2015-4602
  * SECURITY UPDATE: denial of service or information leak via type
    confusion with crafted serialized data
    - debian/patches/CVE-2015-4603.patch: check type in
      Zend/zend_exceptions.c, add test to
      ext/standard/tests/serialize/bug69152.phpt.
    - CVE-2015-4603
  * SECURITY UPDATE: arbitrary code execution via ftp server long reply to
    a LIST command
    - debian/patches/CVE-2015-4643.patch: prevent overflow check bypass in
      ext/ftp/ftp.c.
    - CVE-2015-4643
  * SECURITY UPDATE: denial of service via php_pgsql_meta_data
    - debian/patches/CVE-2015-4644.patch: check return value in
      ext/pgsql/pgsql.c, add test to ext/pgsql/pg_insert_002.phpt.
    - CVE-2015-4644
  * debian/patches/CVE-2015-2783-memleak.patch: fix memory leak introduced
    by CVE-2015-2783 security update.

 -- Marc Deslauriers Thu, 02 Jul 2015 07:42:32 -0400

Source diff to previous version
CVE-2015-2783 Buffer Over-read in unserialize when parsing Phar
CVE-2015-4021 The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first ch
CVE-2015-4022 Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP ser
CVE-2015-4024 Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x
CVE-2015-4025 PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which a
CVE-2015-4026 The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 charact
CVE-2015-4147 The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that __default_hea
CVE-2015-4148 The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property
CVE-2015-4598 Incorrect handling of paths with NULs
CVE-2015-4599 Type confusion vulnerability in exception::getTraceAsString
CVE-2015-4603 exception::getTraceAsString issue
CVE-2015-4643 Improved fix for bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow)
CVE-2015-4644 Fixed bug #69667 (segfault in php_pgsql_meta_data)

Version: 5.3.10-1ubuntu3.18 2015-04-20 17:06:33 UTC

  php5 (5.3.10-1ubuntu3.18) precise-security; urgency=medium

  * SECURITY UPDATE: potential remote code execution vulnerability when
    used with the Apache 2.4 apache2handler
    - debian/patches/bug69218.patch: perform proper cleanup in
      sapi/apache2handler/sapi_apache2.c.
    - CVE number pending
  * SECURITY UPDATE: buffer overflow when parsing tar/zip/phar
    - debian/patches/bug69441.patch: check lengths in
      ext/phar/phar_internal.h.
    - CVE number pending
  * SECURITY UPDATE: heap overflow in regexp library
    - debian/patches/CVE-2015-2305.patch: check for overflow in
      ext/ereg/regex/regcomp.c.
    - CVE-2015-2305
  * SECURITY UPDATE: buffer overflow in unserialize when parsing Phar
    - debian/patches/CVE-2015-2783.patch: properly check lengths in
      ext/phar/phar.c, ext/phar/phar_internal.h.
    - CVE-2015-2783
  * SECURITY UPDATE: arbitrary code exection via process_nested_data
    use-after-free
    - debian/patches/CVE-2015-2787.patch: fix logic in
      ext/standard/var_unserializer.*.
    - CVE-2015-2787
 -- Marc Deslauriers <email address hidden> Fri, 17 Apr 2015 06:25:37 -0400

Source diff to previous version
CVE-2015-2305 Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in Net
CVE-2015-2783 Buffer Over-read in unserialize when parsing Phar
CVE-2015-2787 Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5

Version: 5.3.10-1ubuntu3.17 2015-03-18 14:07:19 UTC

  php5 (5.3.10-1ubuntu3.17) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via recursion
    - debian/patches/CVE-2014-8117.patch: lower recursion limit in
      ext/fileinfo/libmagic/softmagic.c.
    - CVE-2014-8117
  * SECURITY UPDATE: denial of service or possible code execution in
    enchant
    - debian/patches/CVE-2014-9705.patch: handle position better in
      ext/enchant/enchant.c.
    - CVE-2014-9705
  * SECURITY UPDATE: arbitrary code execution via use after free in
    unserialize() with DateTime
    - debian/patches/CVE-2015-0273.patch: fix use after free in
      ext/date/php_date.c, added test to ext/date/tests/*.phpt.
    - CVE-2015-0273
  * SECURITY UPDATE: denial of service or possible code execution in phar
    - debian/patches/CVE-2015-2301.patch: fix use after free in
      ext/phar/phar_object.c.
    - CVE-2015-2301
 -- Marc Deslauriers <email address hidden> Mon, 16 Mar 2015 13:59:27 -0400

Source diff to previous version
CVE-2014-8117 softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or cra
CVE-2014-9705 heap buffer overflow in enchant_broker_request_dict()
CVE-2015-0273 use after free vulnerability in unserialize() with DateTimeZone
CVE-2015-2301 use after free in phar_object.c

Version: 5.3.10-1ubuntu3.16 2015-02-17 19:06:39 UTC

  php5 (5.3.10-1ubuntu3.16) precise-security; urgency=medium

  * SECURITY UPDATE: arbitrary code execution via improper handling of
    duplicate keys in unserializer
    - debian/patches/CVE-2014-8142.patch: fix use after free in
      ext/standard/var_unserializer.*, added test to
      ext/standard/tests/serialize/bug68594.phpt.
    - CVE-2014-8142
  * SECURITY UPDATE: arbitrary code execution via improper handling of
    duplicate keys in unserializer, additional fix
    - debian/patches/CVE-2015-0231.patch: fix use after free in
      ext/standard/var_unserializer.*, added test to
      ext/standard/tests/strings/bug68710.phpt.
    - CVE-2015-0231
  * debian/patches/remove_readelf.patch: remove readelf.c from fileinfo as
    it isn't used, and is a source of confusion when doing security
    updates.
  * debian/patches/CVE-2014-3710.patch: removed, wasn't needed.
 -- Marc Deslauriers <email address hidden> Fri, 13 Feb 2015 11:53:39 -0500

Source diff to previous version
CVE-2014-3710 out-of-bounds read in elf note headers
CVE-2014-8142 Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5
CVE-2015-0231 Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5

Version: 5.3.10-1ubuntu3.15 2014-10-30 13:06:46 UTC

  php5 (5.3.10-1ubuntu3.15) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via buffer overflow in mkgmtime()
    - debian/patches/CVE-2014-3668.patch: properly handle sizes in
      ext/xmlrpc/libxmlrpc/xmlrpc.c, added test to
      ext/xmlrpc/tests/bug68027.phpt.
    - CVE-2014-3668
  * SECURITY UPDATE: integer overflow in unserialize()
    - debian/patches/CVE-2014-3669.patch: fix overflow in
      ext/standard/var_unserializer.{c,re}, added test to
      ext/standard/tests/serialize/bug68044.phpt.
    - CVE-2014-3669
  * SECURITY UPDATE: Heap corruption in exif_thumbnail()
    - debian/patches/CVE-2014-3670.patch: fix sizes in ext/exif/exif.c.
    - CVE-2014-3670
  * SECURITY UPDATE: out of bounds read in elf note headers in fileinfo()
    - debian/patches/CVE-2014-3710.patch: validate note headers in
      ext/fileinfo/libmagic/readelf.c.
    - CVE-2014-3710
  * SECURITY UPDATE: local file disclosure via curl NULL byte injection
    - debian/patches/curl_embedded_null.patch: don't accept curl options
      with embedded NULLs in ext/curl/interface.c, added test to
      ext/curl/tests/bug68089.phpt.
    - No CVE number
 -- Marc Deslauriers <email address hidden> Tue, 28 Oct 2014 15:06:12 -0400

CVE-2014-3710 out-of-bounds read in elf note headers



About   -   Send Feedback to @ubuntu_updates