Public bug reported:
Reason:
Excerpt from the Debian changelog:
* New upstream release [4.4.4]
- Added missing safe_mode/open_basedir checks inside the error_log(),
file_exists(), imap_open() and imap_reopen() functions.
- Fixed overflows inside str_repeat() and wordwrap() functions on 64bit
systems.
- Fixed possible open_basedir/safe_mode bypass in cURL extension.
(CVE-2006-2563)
- Fixed overflow in GD extension on invalid GIF images.
- Fixed a buffer overflow inside sscanf() function. (CVE-2006-4020)
(Closes: 382261)
- Fixed memory_limit restriction on 64 bit system.
* New upstream release [4.4.3]
- Disallow certain characters in session names. (CVE-2006-3016)
- Fixed a bug that would allow variable to survive unset().
(CVE-2006-3017) (Closes: #382259)
- Fixed a buffer overflow inside the wordwrap() function.
- Prevent jumps to parent directory via the 2nd parameter of
the tempnam() function.
- Improved safe_mode check for the error_log() function.
- Fixed cross-site scripting inside the phpinfo() function.
** Affects: php4 (Ubuntu)
Importance: Undecided
Assignee: MOTU UVF Team
Status: Unconfirmed
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2006-2563
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2006-4020
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2006-3016
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2006-3017
--
[UVF Exception] Sync php4 4.4.4 from Debian unstable
https://launchpad.net/bugs/65266
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
