Several remote vulnerabilities have been discovered in PHP 5, a hypertext
preprocessor.
The Common Vulnerabilities and Exposures project identifies the following
problems:
- CVE-2010-1917
The fnmatch function can be abused to conduct denial of service attacks
(by crashing the interpreter) by means of a stack overflow.
- CVE-2010-2225
The SplObjectStorage unserializer allows attackers to execute arbitrary
code via serialized data by means of a use-after-free
vulnerability.
- CVE-2010-3065
The default sessions serializer does not correctly handle a special
marker, which allows an attacker to inject arbitrary variables into the
session and possibly exploit vulnerabilities in the unserializer.
- CVE-2010-1128
For this vulnerability (predictable entropy for the Linear Congruential
Generator used to generate session ids) we do not consider upstream’s
solution to be sufficient. It is recommended to uncomment the
session.entropy_file and session.entropy_length settings in the php.ini
files. Further improvements can be achieved by setting
session.hash_function to 1 (one) and incrementing the value of
session.entropy_length.
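
One way to check a php.ini against the CVE-2010-1128 recommendation above. This is an added example, not part of the advisory or of the php5 package. The function names, the two sample files and the values /dev/urandom, 16 and 32 are assumptions made for illustration.

```python
import re

# Directives named in the advisory's CVE-2010-1128 recommendation.
DIRECTIVES = ("session.entropy_file", "session.entropy_length",
              "session.hash_function")
LINE_RE = re.compile(r'^\s*([A-Za-z0-9_.]+)\s*=\s*(.*?)\s*$')

def effective_settings(ini_text):
    """Return the last active (uncommented) value of each directive."""
    found = {}
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0]  # ';' starts a comment in php.ini
        m = LINE_RE.match(line)
        if m and m.group(1) in DIRECTIVES:
            found[m.group(1)] = m.group(2).strip("\"'")
    return found

def audit(ini_text):
    """List deviations from the recommendation (empty list means OK)."""
    s = effective_settings(ini_text)
    problems = []
    if not s.get("session.entropy_file"):
        problems.append("session.entropy_file is commented out or empty")
    length = s.get("session.entropy_length", "0")
    if not length.isdigit() or int(length) == 0:
        problems.append("session.entropy_length is commented out or 0")
    if s.get("session.hash_function", "0") != "1":
        problems.append("session.hash_function is not 1")
    return problems

# Constructed sample files, not taken from any real host.
# Values /dev/urandom, 16 and 32 are assumed for illustration.
SHIPPED = """[Session]
session.save_handler = files
;session.entropy_file = /dev/urandom
;session.entropy_length = 16
session.hash_function = 0
"""
HARDENED = """[Session]
session.save_handler = files
session.entropy_file = /dev/urandom
session.entropy_length = 32
session.hash_function = 1
"""

if __name__ == "__main__":
    for name, text in (("shipped", SHIPPED), ("hardened", HARDENED)):
        print(name, audit(text) or "OK")
```

Run it against each php.ini in use (for example the apache2 and cli copies), since each file is read independently.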
For the stable distribution (lenny), these problems have been fixed in
version 5.2.6.dfsg.1-1+lenny9.
For the testing distribution (squeeze) and the unstable distribution (sid),
these problems will be fixed soon.
We recommend that you upgrade your php5 packages.