Ubuntu 761-2: PHP vulnerabilities
April 27, 2009
USN-761-1 fixed vulnerabilities in PHP
Summary
Update Instructions
References
Severity
php5 vulnerabilities
Package Information
==========================================================Ubuntu Security Notice USN-761-2 April 27, 2009
php5 vulnerabilities
CVE-2008-5814, CVE-2009-1271
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 9.04
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 9.04:
libapache2-mod-php5 5.2.6.dfsg.1-3ubuntu4.1
php5-cgi 5.2.6.dfsg.1-3ubuntu4.1
php5-cli 5.2.6.dfsg.1-3ubuntu4.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
USN-761-1 fixed vulnerabilities in PHP.
This update provides the corresponding updates for Ubuntu 9.04.
Original advisory details:
It was discovered that PHP did not sanitize certain error messages when
display_errors is enabled, which could result in browsers becoming
vulnerable to cross-site scripting attacks when processing the output.
With cross-site scripting vulnerabilities, if a user were tricked into
viewing server output during a crafted server request, a remote attacker
could exploit this to modify the contents, or steal confidential data
(such as passwords), within the same domain. (CVE-2008-5814)
It was discovered that PHP did not properly handle certain malformed
strings when being parsed by the json_decode function. A remote attacker
could exploit this flaw and cause the PHP server to crash, resulting in a
denial of service. This issue only affected Ubuntu 8.04 and 8.10.
(CVE-2009-1271)
Updated packages for Ubuntu 9.04:
Source archives:
Size/MD5: 187291 00163cced82382ba501edbf0dfe73a90
Size/MD5: 2542 29c2b8b8e43b6a74e7858bc5e9211ddc
Size/MD5: 12173741 b80fcee38363f031229368ceff8ced58
Architecture independent packages:
Size/MD5: 329660 57a38331745f615128acc5eb2cb93d21
Size/MD5: 1122 a7bc1c04d5f59af5d335c9008eeb3547
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
Size/MD5: 2614744 40eb2975c03b9c7606c7657cad163e92
Size/MD5: 5091040 754f144c124ed06590b52e50f306731e
Size/MD5: 2570356 4680afb5680815c9a391add86743e5e3
Size/MD5: 371976 8ac081a997503bd1209252fe2634b947
Size/MD5: 25466 0d3e9d553b77e89c1d7f155d80cb303c
Size/MD5: 8326788 6976570e9cf06b7a7f616d84f90f1beb
Size/MD5: 362928 c4cafb303990a7486771e0962aef42a1
Size/MD5: 37210 00f5de4981f6d9e80b5e45bc6458e3fb
Size/MD5: 16564 89022a28de0623a84005c70eaca5e319
Size/MD5: 20340 31451e0efcdac7c68fbea8e40aabf14e
Size/MD5: 5634 d33ff4d927e1cf8188daca3c51a90244
Size/MD5: 74258 87eb15879cba4e14a1fc699d3790ced4
Size/MD5: 38056 2bab17a8e312f9d6d47ad7e0257e7c55
Size/MD5: 57774 9a747d7140fa934758944853a330a478
Size/MD5: 9556 a7c6dc612b4763987e4a0f99e2c669d6
Size/MD5: 5148 f611947f090e3970c2bdc2a81d3a50f0
Size/MD5: 12606 0951b0bd1180a9ff0242db39d1b33601
Size/MD5: 39804 53c597a3330a4197a90c71eccd5fc2de
Size/MD5: 28704 fd5b07c7fa1f25a05047fa1149197cae
Size/MD5: 18102 7672f00fc2b43d5b1098f219b5e180d9
Size/MD5: 39510 c9361704c5ca84815b97816a0dd1c316
Size/MD5: 14018 0b38293200e367b91dc2c2ba503f8c2d
Size/MD5: 2613030 27ee9f6c756e218643f827aaa3d87ee0
i386 architecture (x86 compatible Intel/AMD):
Size/MD5: 2483016 7e7e8bae0066e670863fa985066cac9c
Size/MD5: 4935186 22bc0b6b65b4dd5cd35b8ba0e301b18a
Size/MD5: 2487744 78b2a302d89b9fcff54998a16c084b5c
Size/MD5: 368304 40f905e82252d2ba6d3a88aef0603ff9
Size/MD5: 23920 a47e3474a4aeefac1eac91fb30082fc1
Size/MD5: 8518218 e3007036547f5f8a6439fc257656f9b0
Size/MD5: 362964 dcf12bc532749a7622715ebaf9651ea1
Size/MD5: 32522 acd974f6188a2c0b5f07b52f3a2c77f0
Size/MD5: 14124 a49e6ff7dd2eb32e3d4e1d70456b56ec
Size/MD5: 18338 7bbdfa46a64072e989361edcf64dd7c5
Size/MD5: 5330 e549dcbde29491c86bbf78dbd61e273c
Size/MD5: 65948 cf343006d3ac73ca192a1913f270e97f
Size/MD5: 34832 e21b4a78220d4270f771aed92ef68741
Size/MD5: 52834 87b10921ab7d947a35d071c6d76633f7
Size/MD5: 8626 9972fba3fe212daf5b20c98b4814aafc
Size/MD5: 4898 657f32b9c5658d29f125ab23e07adec3
Size/MD5: 11878 94da3c1ffa370c28a717b9b3f6cc1948
Size/MD5: 34786 11a1a1bcb8e9d23e4e42df96d193463d
Size/MD5: 26264 e29efc30232b6a07a8b4103ba6398b71
Size/MD5: 16538 9515236280c98ecaabb10e7ee3fd42da
Size/MD5: 36554 73c041f424542db14e7a4854afd17a0a
Size/MD5: 12818 e7c13b1b226022484b125217e944131b
Size/MD5: 2481784 06a21c3e024d3ec1f305b906ec30ffa2
lpia architecture (Low Power Intel Architecture):
Size/MD5: 2456920 a424415cd0847a960129ec9cbae3edbc
Size/MD5: 4884544 d79e0b1af77ebe187739e62d153eb91f
Size/MD5: 2463180 56c1a6e0c0ca3c007f34327d7ae0b544
Size/MD5: 367832 9154e91aa26fe80ab0046e4a2f8815b3
Size/MD5: 23458 a5fe520ffc00fd949b8c133534eabb64
Size/MD5: 8581302 a9cd1c9b816f366ffecbd02bf17d5a54
Size/MD5: 362964 7e58d9e81ddc3b89a301615266c19709
Size/MD5: 32318 9d897b0c2cd10978cdd0722de276830e
Size/MD5: 14188 fb56f5c046241ed21696bffab8be01f8
Size/MD5: 18212 834b6733a261346c4652c11d9a72b7f5
Size/MD5: 5178 5406fb2847c88b126c57f70d6746139e
Size/MD5: 64530 5278e62e2100ed871a377653e6bdb08f
Size/MD5: 34390 47dd8ede5553adcd2ef38149b94087bc
Size/MD5: 52132 05c7630ebec3174f692ada53383f65ce
Size/MD5: 8566 13a0ac8422a7e05fbaaf6f1b24f12b9b
Size/MD5: 4842 eb7f8a91d2661f376b10dff10e61cc0e
Size/MD5: 11748 3bb842f7d465d3aeedf48c097151e628
Size/MD5: 34094 6dd49405c4f662d8d7fe73a0dbfd02ef
Size/MD5: 26194 619a06ed77adb836a6a0c461c7a6443d
Size/MD5: 16388 801e4734a078951f59bf293290e809a9
Size/MD5: 36034 260975149d9a15cb2d1e508eb883a59e
Size/MD5: 12714 c62bc8d175f9116669dc2c884b7acc75
Size/MD5: 2455750 c0daaf7b48a7dd093655b26bb4089c5f
powerpc architecture (Apple Macintosh G3/G4/G5):
Size/MD5: 2615954 4667cf91b73ce531a2b893f6b9753462
Size/MD5: 5082566 39789f53e78b53ad8e267ff6ccd16b80
Size/MD5: 2565540 59766a0d506b6c740af4bddaef0cf42d
Size/MD5: 374746 c966cccdf0476d3c28523e72aa4337b1
Size/MD5: 28202 8a4528a808d23e58ae3ac2f215e33830
Size/MD5: 9025824 e74665f1cd9ff30d3f532ccc877c92a0
Size/MD5: 362970 060057ddcbc44003943f53e3cbae2243
Size/MD5: 38308 e6940a89e931092549d15140c35a302f
Size/MD5: 16998 7b1466764a5f52650437cdf341c73426
Size/MD5: 21756 ae21faef6db62c26f1670569caf4092b
Size/MD5: 7742 2eb03375b102e1aff9439aa82095ba9f
Size/MD5: 77174 3032a0558ef85b6c61e7a322453773f3
Size/MD5: 41584 eb380952374e64956419987c5c8171ae
Size/MD5: 60734 095dd8e18f05d60d5bbc0f0400964eee
Size/MD5: 11116 250ce4c74efd771035346d6af4327d66
Size/MD5: 7280 4a7dd508624283da85a24b9eef797af5
Size/MD5: 14404 19dadcd88db18253090e1bcaab1441a9
Size/MD5: 42586 10b84491dcb67ea8f15ed8b3f3640fae
Size/MD5: 31290 a9e1ae9f57c90f9322dfb12d28dd3f2a
Size/MD5: 20004 92d9441fc12647e63c3641b2b525c29f
Size/MD5: 40802 e5d06c3d8cc351213be8cfe218e96d8d
Size/MD5: 16024 d2f30337d678b6b58fb9661f52a25385
Size/MD5: 2614826 4622aa05456f72bee8be5b4246af1e43
sparc architecture (Sun SPARC/UltraSPARC):
Size/MD5: 2472736 82c79436511f4bfe38a82f6ffde4ad6e
Size/MD5: 4839728 ee41a597f8258ce11dacdfb8874d9177
Size/MD5: 2440022 093bd1148308fa06722ba2c6363ee7f8
Size/MD5: 368112 3671bdd02b77a72e6a8a926166ab7c52
Size/MD5: 24366 e307ee44bcc3d51af50b2799b949b2fa
Size/MD5: 8416226 dff52795098e3ebc6b2f67bb7b503c8b
Size/MD5: 362954 f1de2986e7ea129945ad1ec088fb63c8
Size/MD5: 33102 bb320ddf22d00aaed80270a73c2fd769
Size/MD5: 13304 90e7c80394e2460c56cdd724d1313ea4
Size/MD5: 17566 a6ea835dca77e0a63f616d81cf97ef15
Size/MD5: 5144 fb434cc86486158bd06ce24e9af8f9ac
Size/MD5: 63470 09004ee1b8dfc4e32d71d3a9c3d6cc23
Size/MD5: 32856 6d4724a80b9445dfbed1e5df1af6a253
Size/MD5: 49968 83c2f54f9c3e10ff5e3d9e5436971e47
Size/MD5: 8360 fd4b7e3db8fadd0487c940726cd4cc23
Size/MD5: 4822 e9277729f259e41f1aa6efd360c19bcb
Size/MD5: 11702 ebc5d76c556adcab8bdbd0315cfda105
Size/MD5: 32692 0b667ec764aa4f90f42754a286f4bbaa
Size/MD5: 24908 2fff13c6714eabb9e285dba23bc38450
Size/MD5: 16494 becdacb0fb6dcd78a75d661ee1d10d45
Size/MD5: 35170 ddef1f8294043edc2cbf039d38613d7e
Size/MD5: 12298 286dd5841c526e1c982d28dcf777dd63
Size/MD5: 2471106 7b973db41c27f33856991524efc4630b
