USN-207-1: PHP vulnerability
===========================================================
Ubuntu Security Notice USN-207-1 October 17, 2005
php4 vulnerability
CAN-2005-3054
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected:
libapache-mod-php4
libapache2-mod-php4
The problem can be corrected by upgrading the affected package to
version 4:4.3.8-3ubuntu7.13 (for Ubuntu 4.10), and
4:4.3.10-10ubuntu4.2 (for Ubuntu 5.04). In general, a standard system
upgrade is sufficient to effect the necessary changes.
Details follow:
A bug has been found in the handling of the open_basedir directive.
Contrary to the specification, the value of open_basedir
was handled as a prefix instead of a proper directory name even if it
was terminated by a slash ('/'). For example, this allowed PHP scripts
to access the directory /home/user10 when open_basedir was configured
to '/home/user1/'.



