From the Ubuntu advisory:

It was discovered that PHP did not properly handle Unicode conversion in the
mbstring extension. If a PHP application were tricked into processing a
specially crafted string containing an HTML entity, an attacker could execute
arbitrary code with application privileges. (CVE-2008-5557)

It was discovered that PHP did not properly initialize the page_uid and page_gid
global variables for use by the SAPI php_getuid function. An attacker could
exploit this issue to bypass safe_mode restrictions. (CVE-2008-5624)

It was discovered that PHP did not properly enforce error_log safe_mode
restrictions when set by php_admin_flag in the Apache configuration file. A
local attacker could create a specially crafted PHP script that would overwrite
arbitrary files. (CVE-2007-5625)

It was discovered that PHP contained a flaw in the ZipArchive::extractTo
function. If a PHP application were tricked into processing a specially crafted
zip file that had filenames containing "..", an attacker could write arbitrary
files within the filesystem. This issue only applied to Ubuntu 7.10, 8.04 LTS,
and 8.10. (CVE-2008-5658)
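
A defensive check an application can run on entry names before calling ZipArchive::extractTo, shown as an added example (not code from the Ubuntu advisory or the PHP project). The function names `isSafeEntryName` and `safeExtract` are hypothetical, and the sample names are constructed.

```php
<?php
// Added example: pre-extraction check for ZipArchive archives.
// Function names are hypothetical, not part of PHP or the advisory.

/** Return true only if an entry name stays inside the extraction directory. */
function isSafeEntryName(string $name): bool
{
    // Treat backslashes as separators so "..\x" is caught on every platform.
    $normalized = str_replace('\\', '/', $name);

    if ($normalized === '' || strpos($normalized, "\0") !== false) {
        return false;
    }
    // Absolute paths ("/etc/x") and drive-letter paths ("C:/x") are rejected.
    if ($normalized[0] === '/' || preg_match('/^[A-Za-z]:/', $normalized)) {
        return false;
    }
    // Any ".." path component can climb out of the destination.
    return !in_array('..', explode('/', $normalized), true);
}

/** Extract $zipPath into $dest, refusing the whole archive on any unsafe name. */
function safeExtract(string $zipPath, string $dest): void
{
    $zip = new ZipArchive();
    if ($zip->open($zipPath) !== true) {
        throw new RuntimeException("cannot open archive: $zipPath");
    }
    try {
        for ($i = 0; $i < $zip->numFiles; $i++) {
            $name = $zip->getNameIndex($i);
            if ($name === false || !isSafeEntryName($name)) {
                throw new RuntimeException("unsafe entry name at index $i");
            }
        }
        if (!$zip->extractTo($dest)) {
            throw new RuntimeException("extraction failed");
        }
    } finally {
        $zip->close();
    }
}

// Constructed sample names; no archive is needed to exercise the check.
$samples = ['docs/readme.txt', '../outside.txt', 'a/../../b', '/abs.txt', 'C:\\x.txt', 'a..b/ok.txt'];
foreach ($samples as $name) {
    printf("%-18s %s\n", $name, isSafeEntryName($name) ? 'accept' : 'reject');
}
```

The check compares whole path components, so a name such as `a..b/ok.txt` is accepted while `a/../../b` is rejected.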