Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : php5 vulnerabilities (USN-1042-1)

Ubuntu Security Notice (C) 2011-2013 Canonical, Inc. / NASL script (C) 2011-2013 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing one or more security-related patches.

Description :

It was discovered that an integer overflow in the XML UTF-8 decoding
code could allow an attacker to bypass cross-site scripting (XSS)
protections. This issue only affected Ubuntu 6.06 LTS, Ubuntu 8.04
LTS, and Ubuntu 9.10. (CVE-2009-5016)

It was discovered that the XML UTF-8 decoding code did not properly
handle non-shortest form UTF-8 encoding and ill-formed subsequences in
UTF-8 data, which could allow an attacker to bypass cross-site
scripting (XSS) protections. (CVE-2010-3870)

It was discovered that attackers might be able to bypass
open_basedir() restrictions by passing a specially crafted filename.
(CVE-2010-3436)

Maksymilian Arciemowicz discovered that a NULL pointer derefence in
the ZIP archive handling code could allow an attacker to cause a
denial of service through a specially crafted ZIP archive. This issue
only affected Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, and
Ubuntu 10.10. (CVE-2010-3709)

It was discovered that a stack consumption vulnerability in the
filter_var() PHP function when in FILTER_VALIDATE_EMAIL mode, could
allow a remote attacker to cause a denial of service. This issue only
affected Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, and Ubuntu
10.10. (CVE-2010-3710)

It was discovered that the mb_strcut function in the Libmbfl library
within PHP could allow an attacker to read arbitrary memory within the
application process. This issue only affected Ubuntu 10.10.
(CVE-2010-4156)

Maksymilian Arciemowicz discovered that an integer overflow in the
NumberFormatter::getSymbol function could allow an attacker to cause a
denial of service. This issue only affected Ubuntu 10.04 LTS and
Ubuntu 10.10. (CVE-2010-4409)

Rick Regan discovered that when handing PHP textual representations of
the largest subnormal double-precision floating-point number, the
zend_strtod function could go into an infinite loop on 32bit x86
processors, allowing an attacker to cause a denial of service.
(CVE-2010-4645).

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.6
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true