USN-1937-1: PHP vulnerability
05 September 2013
- php5 - HTML-embedded scripting language interpreter
It was discovered that PHP did not properly handle certificates with NULL
characters in the Subject Alternative Name field. An attacker could exploit
this to perform a man in the middle attack to view sensitive information or
alter encrypted communications.
The problem can be corrected by updating your system to the following package versions:
- libapache2-mod-php5 - 5.3.2-1ubuntu4.21
- libapache2-mod-php5filter - 5.3.2-1ubuntu4.21
- php5-cgi - 5.3.2-1ubuntu4.21
- php5-cli - 5.3.2-1ubuntu4.21
In general, a standard system update will make all the necessary changes.