Ubuntu issues big PHP update
Thursday, July 24th, 2008
The Ubuntu development team yesterday released a series of security fixes for PHP running on Ubuntu 6.06 LTS, 7.04, 7.10 and Ubuntu 8.04 LTS.
The updates fix a number of security risks in PHP, including a problem with PHP not properly checking the length of the string parameter to the fnmatch function. An attacker could cause a denial of service in the PHP interpreter if a script passed untrusted input to the fnmatch function.
The fix also fixes a flaw in the cURL library that allowed safe_mode and open_basedir restrictions to be bypassed. If a
PHP application were tricked into processing a bad file:// request, an attacker could read arbitrary files.
