Wednesday, March 13, 2013

[USN-1761-1] PHP vulnerability

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBCgAGBQJRQMwOAAoJEGVp2FWnRL6TGDUQAJIT9LEeIDfJhfoijloAjPqr
6XhpmTjKyn55hizXGlidZJomf0N/furiU+yrLzdbEVvRKQb4TjCm55sEIoysbSTP
RwzFKuIvfIT+TuGtB8ibKuLm2AHeXOWSHP/TZ4oSqEZrIz0ZjP0VNYEd4xp3P9UD
oKU1WuaVHNREw2XjzzhA2n0X80YSepXxgmfu5EaQvcF005AHma4bQfswrHitc7Ts
yuoMdHBIeAJZESqamm3BwyrgdpQKIktkrixu3iDKBPuhnjL7fbIInrOm3EJlCNqQ
I2lq6s7M6ZelsS6YWqskk5nrZpZLdo9Sr536+7V2s1y0Y7xrb9pFLWi15ooL1T6I
yUeoBNl4Av/VLkiHYLCDJCvZJbDeSlV4dLsiVAhxab7thef5wBZcxJfG5J9v8hA8
PYBbLi6Y6x7xhperynmEidtorxcyRtG4kHs3Tpo7uxNimL0W7iBJwlC4BwpftG5e
80LVeS5fOTky1UzkeYkNggFcEfA8A207CRzSaffpEhzZzQ3195E6VXzlyqTUxUjy
Je5rX2FQLoSKB24JZwxy3bI2vIYsC7rNzNWXbjImDCSIJcxcYU9SUCteaWBygfkc
WW2PyfR+IE0HDgeSNtlwXYeIOHiACnskrSEX0KBaZ9RiPst9o9Jb8viEvl2Z4LuA
DB/8jo1SObCn6QLZEs4V
=eJGF
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-1761-1
March 13, 2013

php5 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS

Summary:

PHP could be made to expose sensitive information over the network.

Software Description:
- php5: HTML-embedded scripting language interpreter

Details:

It was discovered that PHP incorrectly handled XML external entities in
SOAP WSDL files. A remote attacker could use this flaw to read arbitrary
files off the server.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.10:
php5 5.4.6-1ubuntu1.2

Ubuntu 12.04 LTS:
php5 5.3.10-1ubuntu3.6

Ubuntu 11.10:
php5 5.3.6-13ubuntu3.10

Ubuntu 10.04 LTS:
php5 5.3.2-1ubuntu4.19

Ubuntu 8.04 LTS:
php5 5.2.4-2ubuntu5.27

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1761-1
CVE-2013-1643

Package Information:
https://launchpad.net/ubuntu/+source/php5/5.4.6-1ubuntu1.2
https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.6
https://launchpad.net/ubuntu/+source/php5/5.3.6-13ubuntu3.10
https://launchpad.net/ubuntu/+source/php5/5.3.2-1ubuntu4.19
https://launchpad.net/ubuntu/+source/php5/5.2.4-2ubuntu5.27

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)