USN-1761-1: PHP vulnerability

13 March 2013

PHP could be made to expose sensitive information over the network.

Releases

Packages

  • php5 - HTML-embedded scripting language interpreter

Details

It was discovered that PHP incorrectly handled XML external entities in
SOAP WSDL files. A remote attacker could use this flaw to read arbitrary
files off the server.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 8.04
Ubuntu 12.10
Ubuntu 12.04
Ubuntu 11.10
Ubuntu 10.04

In general, a standard system update will make all the necessary changes.

References