[Bug 239513] Re: [SRU] stack smashing detected when calling xmlrpc_set_type

Launchpad Bug Tracker 239513 at bugs.launchpad.net
Thu Nov 26 20:05:48 GMT 2009 

This bug was fixed in the package php5 - 5.2.6.dfsg.1-3ubuntu4.4

---------------
php5 (5.2.6.dfsg.1-3ubuntu4.4) jaunty-security; urgency=low

  * SECURITY UPDATE: certificate spoofing via null-byte certs (LP: #446313)
    - debian/patches/CVE-2009-3291.patch: validate certificate's CN length
      in ext/openssl/openssl.c.
    - CVE-2009-3291
  * SECURITY UPDATE: denial of service via malformed exif images
    (LP: #446313)
    - debian/patches/CVE-2009-3292.patch: check length, return codes, and
      nesting level in ext/exif/exif.c.
    - CVE-2009-3292
  * SECURITY UPDATE: safe_mode bypass via tempam function
    - debian/patches/CVE-2009-3557.patch: check for safe_mode in
      ext/standard/file.c.
    - CVE-2009-3557
  * SECURITY UPDATE: open_basedir restrictions bypass via posix_mkfifo
    - debian/patches/CVE-2009-3558.patch: check for open_basedir in
      ext/posix/posix.c.
    - CVE-2009-3558
  * SECURITY UPDATE: denial of service via large number of files in
    form-data POST request.
    - debian/patches/CVE-2009-4017.patch: introduce new "max_file_uploads"
      directive and enforce in main/main.c, main/rfc1867.c.
    - ATTENTION: this update changes previous php5 behaviour by limiting
      the number of files in a POST request to 50. This may be increased
      by adding a "max_file_uploads" directive to the php.ini configuration
      file.
    - CVE-2009-4017
  * SECURITY UPDATE: safe_mode_protected_env_vars bypass via proc_open()
    - debian/patches/CVE-2009-4018.patch: add safe_mode check in
      ext/standard/proc_open.c
    - CVE-2009-4018
  * debian/patches/fix-xmlrpc-datetime.diff
    - Prevent stack smashing when using xmlrpc and datetime. (LP: #239513)
 -- Marc Deslauriers <marc.deslauriers at ubuntu.com>   Thu, 26 Nov 2009 08:05:57 -0500

** Changed in: php5 (Ubuntu Jaunty)
       Status: Triaged => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-3291

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-3292

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-3557

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-3558

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-4017

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-4018

** Changed in: php5 (Ubuntu Intrepid)
       Status: Confirmed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-7068

-- 
[SRU] stack smashing detected when calling xmlrpc_set_type 
https://bugs.launchpad.net/bugs/239513
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in ubuntu.

More information about the Ubuntu-server-bugs mailing list