===========================================================
Ubuntu Security Notice USN-882-1 January 13, 2010
php5 vulnerabilities
CVE-2009-2626, CVE-2009-4142, CVE-2009-4143
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
php5-cgi 5.1.2-1ubuntu3.18
php5-cli 5.1.2-1ubuntu3.18

Ubuntu 8.04 LTS:
php5-cgi 5.2.4-2ubuntu5.10
php5-cli 5.2.4-2ubuntu5.10

Ubuntu 8.10:
php5-cgi 5.2.6-2ubuntu4.6
php5-cli 5.2.6-2ubuntu4.6

Ubuntu 9.04:
php5-cgi 5.2.6.dfsg.1-3ubuntu4.5
php5-cli 5.2.6.dfsg.1-3ubuntu4.5

Ubuntu 9.10:
php5-cgi 5.2.10.dfsg.1-2ubuntu6.4
php5-cli 5.2.10.dfsg.1-2ubuntu6.4

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Maksymilian Arciemowicz discovered that PHP did not properly handle the
ini_restore function. An attacker could exploit this issue to obtain
random memory contents or to cause the PHP server to crash, resulting in a
denial of service. (CVE-2009-2626)

It was discovered that the htmlspecialchars function did not properly
handle certain character sequences, which could result in browsers becoming
vulnerable to cross-site scripting attacks when processing the output. With
cross-site scripting vulnerabilities, if a user were tricked into viewing
server output during a crafted server request, a remote attacker could
exploit this to modify the contents, or steal confidential data (such as
passwords), within the same domain. (CVE-2009-4142)

Stefan Esser discovered that PHP did not properly handle session data. An
attacker could exploit this issue to bypass safe_mode or open_basedir
restrictions. (CVE-2009-4143)