Referenced CVEs:
CVE-2009-2626, CVE-2009-4142, CVE-2009-4143
Description:
=========================================================== Ubuntu Security Notice USN-882-1 January 13, 2010 php5 vulnerabilities CVE-2009-2626, CVE-2009-4142, CVE-2009-4143 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 Ubuntu 9.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: php5-cgi 5.1.2-1ubuntu3.18 php5-cli 5.1.2-1ubuntu3.18 Ubuntu 8.04 LTS: php5-cgi 5.2.4-2ubuntu5.10 php5-cli 5.2.4-2ubuntu5.10 Ubuntu 8.10: php5-cgi 5.2.6-2ubuntu4.6 php5-cli 5.2.6-2ubuntu4.6 Ubuntu 9.04: php5-cgi 5.2.6.dfsg.1-3ubuntu4.5 php5-cli 5.2.6.dfsg.1-3ubuntu4.5 Ubuntu 9.10: php5-cgi 5.2.10.dfsg.1-2ubuntu6.4 php5-cli 5.2.10.dfsg.1-2ubuntu6.4 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Maksymilian Arciemowicz discovered that PHP did not properly handle the ini_restore function. An attacker could exploit this issue to obtain random memory contents or to cause the PHP server to crash, resulting in a denial of service. (CVE-2009-2626) It was discovered that the htmlspecialchars function did not properly handle certain character sequences, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. (CVE-2009-4142) Stefan Esser discovered that PHP did not properly handle session data. An attacker could exploit this issue to bypass safe_mode or open_basedir restrictions. (CVE-2009-4143)
More...
