USN-99-2: Fixed php4 packages for USN-99-1
Publication date
24 March 2005
Overview
Fixed php4 packages for USN-99-1
Releases
Details
USN-99-1 fixed a safe mode bypass which allowed malicious PHP scripts
to circumvent path restrictions by creating a specially crafted
directory whose length exceeded the capacity of the realpath()
function (CAN-2004-1064). However, this caused severe regressions,
some applications like SquirrelMail and Gallery did not work any
more, and the package 'php4-pear' was empty. The current version
repairs this.
In addition this update fixes a crash of the PHP interpreter if
curl_init() was called with a non-string argument. Please note that
this is not security relevant since this condition usually cannot be
triggered externally.
USN-99-1 fixed a safe mode bypass which allowed malicious PHP scripts
to circumvent path restrictions by creating a specially crafted
directory whose length exceeded the capacity of the realpath()
function (CAN-2004-1064). However, this caused severe regressions,
some applications like SquirrelMail and Gallery did not work any
more, and the package 'php4-pear' was empty. The current version
repairs this.
In addition this update fixes a crash of the PHP interpreter if
curl_init() was called with a non-string argument. Please note that
this is not security relevant since this condition usually cannot be
triggered externally.
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 4.10 warty | libapache2-mod-php4 – | ||
| php4-cgi – | |||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.