From: Martin Pitt <martin.pitt@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-261-1] PHP vulnerabilities
Date: Fri, 10 Mar 2006 15:52:12 +0100
Cc: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com

===========================================================
Ubuntu Security Notice USN-261-1 March 10, 2006
php4, php5 vulnerabilities
CVE-2006-0207, CVE-2006-0208
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

libapache2-mod-php4
libapache2-mod-php5

The problem can be corrected by upgrading the affected package to
version 4:4.3.8-3ubuntu7.15 (libapache2-mod-php4 for Ubuntu 4.10),
4:4.3.10-10ubuntu4.4 (libapache2-mod-php4 for Ubuntu 5.04), or
5.0.5-2ubuntu1.2 (libapache2-mod-php5 for Ubuntu 5.10). After a
standard system upgrade you need to restart Apache with

  sudo apache2ctl restart

to effect the necessary changes.

Details follow:

Stefan Esser discovered that the 'session' module did not sufficiently
verify the validity of the user-supplied session ID. A remote attacker
could exploit this to insert arbitrary HTTP headers into the response
sent by the PHP application, which could lead to HTTP Response
Splitting (forging of arbitrary responses on behalf of the PHP
application) and Cross Site Scripting (XSS) (execution of arbitrary
web script code in the client's browser) attacks. (CVE-2006-0207)

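
As an added illustration (not part of the advisory and not PHP's own code), the following Python sketch shows the kind of session ID check whose absence is described above, applied as a detection pass over request data. It assumes PHP's default session name PHPSESSID and an allow-list of letters, digits, ',' and '-'; the sample requests are constructed.

```python
import re
from urllib.parse import unquote, urlsplit

SESSION_NAME = "PHPSESSID"  # assumption: PHP's default session.name
VALID_ID = re.compile(r"[A-Za-z0-9,-]{1,128}")  # assumed allow-list for IDs

def classify_session_id(raw):
    """Return 'ok', 'header-injection' or 'malformed' for one raw ID value."""
    decoded = unquote(raw)  # look at the value after URL-decoding
    if "\r" in decoded or "\n" in decoded:
        # A CR or LF echoed into a response header would start a new header line.
        return "header-injection"
    return "ok" if VALID_ID.fullmatch(decoded) else "malformed"

def session_ids(target, cookie_header):
    """Collect raw session ID values from the URL query and the Cookie header."""
    pairs = urlsplit(target).query.split("&") + cookie_header.split(";")
    found = []
    for pair in pairs:
        name, sep, value = pair.strip().partition("=")
        if sep and name == SESSION_NAME:
            found.append(value)
    return found

def scan(requests):
    """Return (index, verdict) for every request carrying a non-'ok' ID."""
    alerts = []
    for i, (target, cookie) in enumerate(requests):
        for raw in session_ids(target, cookie):
            verdict = classify_session_id(raw)
            if verdict != "ok":
                alerts.append((i, verdict))
    return alerts

# Constructed sample requests: (request target, Cookie header value).
SAMPLE = [
    ("/index.php", "PHPSESSID=3f2a9c0b7d1e4a5f8c6b"),
    ("/index.php?PHPSESSID=abc%0d%0aX-Test:%201", ""),
    ("/cart.php", "lang=en; PHPSESSID=<script>"),
    ("/news.php?id=7", "lang=en"),
]

if __name__ == "__main__":
    for idx, verdict in scan(SAMPLE):
        print(idx, verdict, SAMPLE[idx])
```
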
PHP applications were also vulnerable to several Cross Site Scripting
(XSS) flaws if the options 'display_errors' and 'html_errors' were
enabled. Please note that enabling 'html_errors' is not recommended
for production systems. (CVE-2006-0208)
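
As an added illustration (not part of the advisory), the following Python sketch audits php.ini text for the two options named above. It relies on PHP's built-in default of "1" for both directives, so a directive that is missing or commented out is reported as enabled; the three configuration samples are constructed.

```python
import re

# PHP's built-in default for both directives is "1", so a directive that is
# missing or commented out in php.ini still counts as enabled.
BUILTIN_DEFAULTS = {"display_errors": "1", "html_errors": "1"}
# "stderr" is counted as enabled to stay conservative.
ENABLED = {"1", "on", "yes", "true", "stdout", "stderr"}
DIRECTIVE = re.compile(r'^\s*(display_errors|html_errors)\s*=\s*"?([^";\s]*)')

def effective_settings(ini_text):
    """Apply php.ini lines in order (last assignment wins) over the defaults."""
    settings = dict(BUILTIN_DEFAULTS)
    for line in ini_text.splitlines():
        m = DIRECTIVE.match(line)  # lines starting with ';' are comments: no match
        if m:
            settings[m.group(1)] = m.group(2).lower()
    return settings

def audit(ini_text):
    """Return a list of findings; an empty list means neither option is on."""
    on = {k: v in ENABLED for k, v in effective_settings(ini_text).items()}
    findings = []
    if on["display_errors"] and on["html_errors"]:
        findings.append("both-enabled")       # the combination the advisory names
    elif on["display_errors"]:
        findings.append("display_errors-on")  # error text still reaches clients
    elif on["html_errors"]:
        findings.append("html_errors-on")     # not recommended for production
    return findings

# Constructed php.ini samples.
WEAK = "display_errors = On\nhtml_errors = On\n"
DEFAULTED = "[PHP]\n;display_errors = Off\n;html_errors = Off\n"
HARDENED = ('[PHP]\ndisplay_errors = Off ; log instead\n'
            'html_errors = "0"\nlog_errors = On\n')

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("defaulted", DEFAULTED), ("hardened", HARDENED)):
        print(name, audit(text) or "no findings")
```
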
Updated packages for Ubuntu 4.10:
Updated packages for Ubuntu 5.04:
Updated packages for Ubuntu 5.10:
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security...