Ubuntu 6301 Published by

Updated PHP4 packages are available for Ubuntu Linux 4.10

==========================================================
Ubuntu Security Notice USN-99-2 March 24, 2005
php4 vulnerabilities
CAN-2004-1064
==========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

libapache2-mod-php4
php4-cgi

The problem can be corrected by upgrading the affected package to version 4:4.3.8-3ubuntu7.6. In general, a standard system upgrade is sufficient to effect the necessary changes.



Details follow:

USN-99-1 fixed a safe mode bypass which allowed malicious PHP scripts to circumvent path restrictions by creating a specially crafted directory whose length exceeded the capacity of the realpath() function (CAN-2004-1064). However, this caused severe regressions, some applications like SquirrelMail and Gallery did not work any more, and the package 'php4-pear' was empty. The current version repairs this.

In addition this update fixes a crash of the PHP interpreter if curl_init() was called with a non-string argument. Please note that this is not security relevant since this condition usually cannot be triggered externally.

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4_4.3.8-3ubuntu7.6.diff.gz
Size/MD5: 613114 f69f7628cd864ce882f9db0b3bdd718e
http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4_4.3.8-3ubuntu7.6.dsc
Size/MD5: 1624 2e690cfc20fc44d52ce257ad1e7feb51
http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4_4.3.8.orig.tar.gz
Size/MD5: 4832570 dd69f8c89281f088eadf4ade3dbd39ee

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-dev_4.3.8-3ubuntu7.6_all.deb
Size/MD5: 332016 a077a1b54367ceae86bd9b59bc93019f
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-pear_4.3.8-3ubuntu7.6_all.deb
Size/MD5: 333178 2072e61342dd886300d42d8e1279ca60

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/p/php4/libapache2-mod-php4_4.3.8-3ubuntu7.6_amd64.deb
Size/MD5: 1688364 ba5ef7782432d555abfce43f619dd897
http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-cgi_4.3.8-3ubuntu7.6_amd64.deb
Size/MD5: 3197476 c7cacb23f3fb6f7ac549efebf035409b
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-curl_4.3.8-3ubuntu7.6_amd64.deb
Size/MD5: 17272 b393362e0f9d956cc80596b8cbffca40
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-domxml_4.3.8-3ubuntu7.6_amd64.deb
Size/MD5: 40428 a36bb1db9ef871722b8c7a6cce2972cb
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-gd_4.3.8-3ubuntu7.6_amd64.deb
Size/MD5: 33494 ecc6bedbf4f2c28bf0e04ae7c67b75af
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-ldap_4.3.8-3ubuntu7.6_amd64.deb
Size/MD5: 21230 e78c062566dd0d561e4b06ea6c0559a2
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mcal_4.3.8-3ubuntu7.6_amd64.deb
Size/MD5: 18408 60e21502e9e93b6103fb36d70385b04b
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mhash_4.3.8-3ubuntu7.6_amd64.deb
Size/MD5: 7994 409379278006305215eb6e4c4348a25e
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mysql_4.3.8-3ubuntu7.6_amd64.deb
Size/MD5: 23114 c89dc41a87f7937ca0477406b8e14a89
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-odbc_4.3.8-3ubuntu7.6_amd64.deb
Size/MD5: 28324 35dc32acc42792b196d22abdb4831fea
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-recode_4.3.8-3ubuntu7.6_amd64.deb
Size/MD5: 7618 b58887d97df54669c5224db4f35431b6
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-snmp_4.3.8-3ubuntu7.6_amd64.deb
Size/MD5: 12972 0da311687ff193dad6a75e4255d5437a
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-sybase_4.3.8-3ubuntu7.6_amd64.deb
Size/MD5: 21512 3e6e3a78663f5d6bfba9b3bc75125fb2
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-xslt_4.3.8-3ubuntu7.6_amd64.deb
Size/MD5: 17252 34a78e58024ecabf467075ebcf6a9393
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4_4.3.8-3ubuntu7.6_amd64.deb
Size/MD5: 1704494 b66e65463ce2402f5c65e6b682df30ec

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/p/php4/libapache2-mod-php4_4.3.8-3ubuntu7.6_i386.deb
Size/MD5: 1630548 0c7fdd498ab13d4fe4e0ce6651c22386
http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-cgi_4.3.8-3ubuntu7.6_i386.deb
Size/MD5: 3044008 d62c723fb22e8f79a28f9315271a0322
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-curl_4.3.8-3ubuntu7.6_i386.deb
Size/MD5: 16850 c9ddaa6b421998d3ab00232177582e40
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-domxml_4.3.8-3ubuntu7.6_i386.deb
Size/MD5: 35554 8f9c3cf4de700dff82c69b76d89f5269
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-gd_4.3.8-3ubuntu7.6_i386.deb
Size/MD5: 31070 f1ef5632fe8ed9fd88b09f0131066e8a
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-ldap_4.3.8-3ubuntu7.6_i386.deb
Size/MD5: 19466 e48a2403dfb866efb814ce1648db83e6
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mcal_4.3.8-3ubuntu7.6_i386.deb
Size/MD5: 17038 0a7f9083f863c2ec2159be914703bd76
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mhash_4.3.8-3ubuntu7.6_i386.deb
Size/MD5: 7742 d8bb06ef141697646be330dad1683cb5
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mysql_4.3.8-3ubuntu7.6_i386.deb
Size/MD5: 20898 1368183f2679abe05713d30e1d09c855
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-odbc_4.3.8-3ubuntu7.6_i386.deb
Size/MD5: 26064 bcde462599cb5200344d18e3cbd7001b
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-recode_4.3.8-3ubuntu7.6_i386.deb
Size/MD5: 7368 f92ef958a3919e1d3ff4aee042ddc992
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-snmp_4.3.8-3ubuntu7.6_i386.deb
Size/MD5: 12316 bc4008ee1c028ce32bde7deb6ca9f481
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-sybase_4.3.8-3ubuntu7.6_i386.deb
Size/MD5: 20008 eedf0fb2aaa44a4a281a797e00b8ad22
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-xslt_4.3.8-3ubuntu7.6_i386.deb
Size/MD5: 15874 9f6df902e65d50f380297fc3cf9b2ed3
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4_4.3.8-3ubuntu7.6_i386.deb
Size/MD5: 1645216 f5a4cbdf8db229b484532bd9f95dc5ac

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/p/php4/libapache2-mod-php4_4.3.8-3ubuntu7.6_powerpc.deb
Size/MD5: 1690374 a2f5e3f4751adc2bf2fef0c428a2866a
http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-cgi_4.3.8-3ubuntu7.6_powerpc.deb
Size/MD5: 3203424 0d626c3758cdd085cbd732db79aab134
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-curl_4.3.8-3ubuntu7.6_powerpc.deb
Size/MD5: 19080 9ca252b4aae829c10370aab5bd8258a5
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-domxml_4.3.8-3ubuntu7.6_powerpc.deb
Size/MD5: 38274 dbad9078c5e9b5775d4b88073c38c739
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-gd_4.3.8-3ubuntu7.6_powerpc.deb
Size/MD5: 34000 76298f9cd2fd909665a46e1a885f13be
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-ldap_4.3.8-3ubuntu7.6_powerpc.deb
Size/MD5: 21470 3c013d3279ec9049d9817c1498fb7afc
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mcal_4.3.8-3ubuntu7.6_powerpc.deb
Size/MD5: 19300 371908a2d74c041a6edcd10f9bf1ec24
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mhash_4.3.8-3ubuntu7.6_powerpc.deb
Size/MD5: 9314 28d7cb75691e81ac89dac754d7ee3098
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mysql_4.3.8-3ubuntu7.6_powerpc.deb
Size/MD5: 22684 fa83d50c5d7c1b9406ff196dec908f58
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-odbc_4.3.8-3ubuntu7.6_powerpc.deb
Size/MD5: 28398 165c7bc72e6ccfd2559e7fe4cbe13934
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-recode_4.3.8-3ubuntu7.6_powerpc.deb
Size/MD5: 9000 2aedac9c6b5d0dbe8054827e23e89e42
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-snmp_4.3.8-3ubuntu7.6_powerpc.deb
Size/MD5: 14318 691e7df38597f42d74e81cee4bca4a78
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-sybase_4.3.8-3ubuntu7.6_powerpc.deb
Size/MD5: 22192 8ef6cee127375f17a60323d4519cd1e0
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-xslt_4.3.8-3ubuntu7.6_powerpc.deb
Size/MD5: 18052 ac34dbd5b7ebb2d7fceda989e24edcc2
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4_4.3.8-3ubuntu7.6_powerpc.deb
Size/MD5: 1707858 cdb7f64af6a0a0efe2a14fc357d867a8