Stefan Esser discovered two buffer overflows in the htmlentities() and htmlspecialchars() functions. By supplying specially crafted input to PHP applications which process that input with these functions, a remote attacker could potentially exploit this to execute arbitrary code with the privileges of the application. (CVE-2006-5465)
This update also fixes bugs in the chdir() and tempnam() functions, which did not perform proper open_basedir checks. This could allow local scripts to bypass intended restrictions.
3 November 2006
A security issue affects these releases of Ubuntu and its derivatives:
Stefan Esser discovered two buffer overflows in the htmlentities() and htmlspecialchars() functions. By supplying specially crafted input to PHP applications which process that input with these functions, a remote attacker could potentially exploit this to execute arbitrary code with the privileges of the application. (CVE-2006-5465)
This update also fixes bugs in the chdir() and tempnam() functions, which did not perform proper open_basedir checks. This could allow local scripts to bypass intended restrictions.
The problem can be corrected by updating your system to the following package versions:
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system upgrade is sufficient to effect the necessary changes.
Vulmon