[Bug 852871] Re: PHP ZEND_SL Opcode Interruption Address Information Leak Vulnerability

Mon, 17 Oct 2011 15:15:59 -0700 

This bug was fixed in the package php5 - 5.3.2-1ubuntu4.10

---------------
php5 (5.3.2-1ubuntu4.10) lucid-security; urgency=low

  [ Angel Abad ]
  * SECURITY UPDATE: File path injection vulnerability in RFC1867 File
    upload filename (LP: #813115)
    - debian/patches/php5-CVE-2011-2202.patch:
    - CVE-2011-2202
  * SECURITY UPDATE: Fixed stack buffer overflow in socket_connect()
    (LP: #813110)
    - debian/patches/php5-CVE-2011-1938.patch:
    - CVE-2011-1938

  [ Steve Beattie ]
  * SECURITY UPDATE: DoS in zip handling due to addGlob() crashing
    on invalid flags
    - debian/patches/php5-CVE-2011-1657.patch: check for valid flags
    - CVE-2011-1657
  * SECURITY UPDATE: crypt_blowfish doesn't properly handle 8-bit
    (non-ascii) passwords leading to a smaller collision space
    - debian/patches/php5-CVE-2011-2483.patch: update crypt_blowfish
      to 1.2 to correct handling of passwords containing 8-bit
      (non-ascii) characters.
      CVE-2011-2483
  * SECURITY UPDATE: DoS due to failure to check for memory allocation errors
    - debian/patches/php5-CVE-2011-3182.patch: check the return values
      of the malloc, calloc, and realloc functions
    - CVE-2011-3182
  * SECURITY UPDATE: DoS in errorlog() when passed NULL
    - debian/patches/php5-CVE-2011-3267.patch: fix NULL pointer crash in
      errorlog()
    - CVE-2011-3267
  * SECURITY UPDATE: information leak via handler interrupt (LP: #852871)
    - debian/patches/php5-CVE-2010-1914.patch: grab references before
      calling zendi_convert_to_long()
    - CVE-2010-1914
 -- Steve Beattie <sbeat...@ubuntu.com>   Fri, 14 Oct 2011 14:24:59 -0700

** Changed in: php5 (Ubuntu Lucid)
       Status: In Progress => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-1657

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-1938

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-2202

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-2483

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3182

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3267

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in Ubuntu.
https://bugs.launchpad.net/bugs/852871

Title:
  PHP ZEND_SL Opcode Interruption Address Information Leak Vulnerability

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/php5/+bug/852871/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

Reply via email to