CVE-2010-0397
Publication date 16 March 2010
Last updated 24 July 2024
Ubuntu priority
The xmlrpc extension in PHP 5.3.1 does not properly handle a missing methodName element in the first argument to the xmlrpc_decode_request function, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly have unspecified other impact via a crafted argument.
Status
Package | Ubuntu Release | Status |
---|---|---|
php5 | 10.04 LTS lucid |
Not affected
|
9.10 karmic |
Fixed 5.2.10.dfsg.1-2ubuntu6.5
|
|
9.04 jaunty |
Fixed 5.2.6.dfsg.1-3ubuntu4.6
|
|
8.10 intrepid | Ignored end of life, was needed | |
8.04 LTS hardy |
Fixed 5.2.4-2ubuntu5.12
|
|
6.06 LTS dapper |
Fixed 5.1.2-1ubuntu3.19
|
Notes
Patch details
Package | Patch details |
---|---|
php5 |
References
Related Ubuntu Security Notices (USN)
- USN-989-1
- PHP vulnerabilities
- 20 September 2010