14 DAY TRIAL // Canonical has announced that a dpkg vulnerability in its Ubuntu 14.04 LTS, Ubuntu 13.10, Ubuntu 12.04 LTS, and Ubuntu 10.04 LTS operating systems has been identified and corrected.
The company has just released a new update for PHP, fixing a problem with this important package.
“Francisco Alonso discovered that the PHP Fileinfo component incorrectly handled certain CDF documents. A remote attacker could use this issue to cause PHP to hang or crash, resulting in a denial of service,” reads the security notice.
Also, “Stefan Esser discovered that PHP incorrectly handled DNS TXT records. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.”
These are just a couple of the vulnerabilities identified by the developer, and for a more detailed description of the problems you can see Canonical's security notification. Users have been advised to upgrade their systems as soon as possible.
The flaws can be fixed if you upgrade your system(s) to the latest php5 packages specific to each distribution. To apply the patch, run the Update Manager application.
In general, a standard system update will make all the necessary changes, and users won't have to restart the PC or laptop in order to apply the patch. This update can also be performed from the terminal, with the apt-get dist-upgrade command.