All Ubuntu package versions


Package "php5"

Name: php5

Description:

server-side, HTML-embedded scripting language (metapackage)

Latest version: 5.3.10-1ubuntu3.15
Release: precise (12.04)
Level: security
Repository: main
Homepage: http://www.php.net/

Links

Save this URL for the latest version of "php5": http://www.ubuntuupdates.org/php5

Other versions of "php5" in Precise

Repository Area Version
base main 5.3.10-1ubuntu3
base universe 5.3.10-1ubuntu3
security universe 5.3.10-1ubuntu3.15
updates main 5.3.10-1ubuntu3.15
updates universe 5.3.10-1ubuntu3.15
PPA: nathan-renniewaldock ppa 5.4.32-1~ppa1~precise

Packages in group

libapache2-mod-php5 php-pear php5-cgi php5-cli php5-common
php5-curl php5-dbg php5-dev php5-gd php5-gmp
php5-ldap php5-mysql php5-odbc php5-pgsql php5-pspell
php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc
php5-xsl

Change Log

Version: 5.3.10-1ubuntu3.15 2014-10-30 13:06:46 UTC

  php5 (5.3.10-1ubuntu3.15) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via buffer overflow in mkgmtime()
    - debian/patches/CVE-2014-3668.patch: properly handle sizes in
      ext/xmlrpc/libxmlrpc/xmlrpc.c, added test to
      ext/xmlrpc/tests/bug68027.phpt.
    - CVE-2014-3668
  * SECURITY UPDATE: integer overflow in unserialize()
    - debian/patches/CVE-2014-3669.patch: fix overflow in
      ext/standard/var_unserializer.{c,re}, added test to
      ext/standard/tests/serialize/bug68044.phpt.
    - CVE-2014-3669
  * SECURITY UPDATE: Heap corruption in exif_thumbnail()
    - debian/patches/CVE-2014-3670.patch: fix sizes in ext/exif/exif.c.
    - CVE-2014-3670
  * SECURITY UPDATE: out of bounds read in elf note headers in fileinfo()
    - debian/patches/CVE-2014-3710.patch: validate note headers in
      ext/fileinfo/libmagic/readelf.c.
    - CVE-2014-3710
  * SECURITY UPDATE: local file disclosure via curl NULL byte injection
    - debian/patches/curl_embedded_null.patch: don't accept curl options
      with embedded NULLs in ext/curl/interface.c, added test to
      ext/curl/tests/bug68089.phpt.
    - No CVE number
 -- Marc Deslauriers <email address hidden> Tue, 28 Oct 2014 15:06:12 -0400

CVE-2014-3710 out-of-bounds read in elf note headers

Version: 5.3.10-1ubuntu3.14 2014-09-10 00:06:25 UTC

  php5 (5.3.10-1ubuntu3.14) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service in FileInfo cdf_read_property_info
    - debian/patches/CVE-2014-3587.patch: check for array under-runs as well
      as over-runs in ext/fileinfo/libmagic/cdf.c
    - CVE-2014-3587
  * SECURITY UPDATE: denial of service in dns_get_record
    - debian/patches/CVE-2014-3597.patch: check for DNS overflows in
      ext/standard/dns.c
    - CVE-2014-3587
 -- Seth Arnold <email address hidden> Wed, 03 Sep 2014 23:27:39 -0700

CVE-2014-3587 Integer overflow in the cdf_read_property_info function in cdf.c in ...
CVE-2014-3597 Multiple buffer overflows in the php_parserr function in ...

Version: 5.3.10-1ubuntu3.13 2014-07-09 17:06:47 UTC

  php5 (5.3.10-1ubuntu3.13) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service in FileInfo cdf_read_short_sector
    - debian/patches/CVE-2014-0207.patch: properly calculate sizes in
      ext/fileinfo/libmagic/cdf.c.
    - CVE-2014-0207
  * SECURITY UPDATE: denial of service in FileInfo cdf_count_chain
    - debian/patches/CVE-2014-3480.patch: properly calculate sizes in
      ext/fileinfo/libmagic/cdf.c.
    - CVE-2014-3480
  * SECURITY UPDATE: denial of service and possible code execution via
    unserialize() SPL type confusion
    - debian/patches/CVE-2014-3515.patch: properly check types in
      ext/spl/spl_array.c, ext/spl/spl_observer.c, added test to
      ext/spl/tests/SplObjectStorage_unserialize_bad.phpt.
    - CVE-2014-3515
  * SECURITY UPDATE: denial of service via SPL Iterators use-after-free
    - debian/patches/CVE-2014-4670.patch: fix use-after-free in
      ext/spl/spl_dllist.c, added test to ext/spl/tests/bug67538.phpt.
    - CVE-2014-4670
  * SECURITY UPDATE: denial of service via ArrayIterator use-after-free
    - debian/patches/CVE-2014-4698.patch: don't allow modifying ArrayObject
      during sorting in ext/spl/spl_array.c, added test to
      ext/spl/tests/bug67539.phpt.
    - CVE-2014-4698
  * SECURITY UPDATE: information leak via phpinfo (LP: #1338170)
    - debian/patches/CVE-2014-4721.patch: fix type confusion in
      ext/standard/info.c, added test to
      ext/standard/tests/general_functions/bug67498.phpt.
    - CVE-2014-4721
 -- Marc Deslauriers <email address hidden> Mon, 07 Jul 2014 08:41:06 -0400

1338170 PHP 5 infoleak vulnerability leading to potential SSL key disclosure
CVE-2014-0207 cdf_read_short_sector insufficient boundary check
CVE-2014-3480 cdf_count_chain insufficient boundary check
CVE-2014-3515 unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion
CVE-2014-4670 RESERVED
CVE-2014-4698 RESERVED
CVE-2014-4721 The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 ...

Version: 5.3.10-1ubuntu3.12 2014-06-23 13:06:24 UTC

  php5 (5.3.10-1ubuntu3.12) precise-security; urgency=medium

  * SECURITY UPDATE: incorrect FastCGI socket permissions (LP: #1307027)
    - debian/patches/CVE-2014-0185.patch: default to 0660 in
      sapi/fpm/fpm/fpm_unix.c, sapi/fpm/php-fpm.conf.in.
    - CVE-2014-0185
  * SECURITY UPDATE: denial of service in FileInfo cdf_unpack_summary_info
    - debian/patches/CVE-2014-0237.patch: remove file_printf calls in
      ext/fileinfo/libmagic/cdf.c.
    - CVE-2014-0237
  * SECURITY UPDATE: denial of service in FileInfo cdf_read_property_info
    - debian/patches/CVE-2014-0238.patch: fix infinite loop in
      ext/fileinfo/libmagic/cdf.c.
    - CVE-2014-0238
  * SECURITY UPDATE: code execution via buffer overflow in DNS TXT record
    parsing
    - debian/patches/CVE-2014-4049.patch: check length in
      ext/standard/dns.c.
    - CVE-2014-4049
 -- Marc Deslauriers <email address hidden> Thu, 19 Jun 2014 13:44:17 -0400

1307027 php5-fpm: Possible privilege escalation due to insecure default permissions of sockets
CVE-2014-0185 sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP ...
CVE-2014-0237 The cdf_unpack_summary_info function in cdf.c in the Fileinfo ...
CVE-2014-0238 The cdf_read_property_info function in cdf.c in the Fileinfo component ...
CVE-2014-4049 Heap-based buffer overflow in the php_parserr function in ...

Version: 5.3.10-1ubuntu3.11 2014-04-07 14:07:11 UTC

  php5 (5.3.10-1ubuntu3.11) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service in fileinfo via crafted offset in
    PE executable
    - debian/patches/CVE-2014-2270.patch: check bounds in
      ext/fileinfo/libmagic/softmagic.c.
    - CVE-2014-2270
 -- Marc Deslauriers <email address hidden> Thu, 03 Apr 2014 15:21:27 -0400

CVE-2014-2270 softmagic.c in file before 5.17 and libmagic allows context-dependent ...


