USN-1937-1: PHP vulnerability
5 September 2013
Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet.
- php5 - HTML-embedded scripting language interpreter
It was discovered that PHP did not properly handle certificates with NULL
characters in the Subject Alternative Name field. An attacker could exploit
this to perform a machine-in-the-middle attack to view sensitive information or
alter encrypted communications.
The problem can be corrected by updating your system to the following package versions:
In general, a standard system update will make all the necessary changes.