CVE-2010-1129
Publication date 26 March 2010
Last updated 24 July 2024
Ubuntu priority
The safe_mode implementation in PHP before 5.2.13 does not properly handle directory pathnames that lack a trailing / (slash) character, which allows context-dependent attackers to bypass intended access restrictions via vectors related to use of the tempnam function.
Status
Package | Ubuntu Release | Status |
---|---|---|
php5 | 10.04 LTS lucid |
Not affected
|
9.10 karmic |
Fixed 5.2.10.dfsg.1-2ubuntu6.5
|
|
9.04 jaunty |
Fixed 5.2.6.dfsg.1-3ubuntu4.6
|
|
8.10 intrepid | Ignored end of life, was needed | |
8.04 LTS hardy |
Fixed 5.2.4-2ubuntu5.12
|
|
6.06 LTS dapper |
Fixed 5.1.2-1ubuntu3.19
|
Notes
Patch details
Package | Patch details |
---|---|
php5 |
References
Related Ubuntu Security Notices (USN)
- USN-989-1
- PHP vulnerabilities
- 20 September 2010