All the supported Ubuntu systems have been affected by this issue

Sep 11, 2014 16:13 GMT

Canonical has announced that a number of PHP vulnerabilities have been found and repaired in its Ubuntu 14.04 LTS, Ubuntu 12.04 LTS, and Ubuntu 10.04 LTS operating systems.

The company has just released a new update for PHP. The developers have explained that php5 could have been made to crash or run programs, had it received specially crafted network traffic.

“It was discovered that the Fileinfo component in php5 contains an integer overflow. An attacker could use this flaw to cause a denial of service or possibly execute arbitrary code via a crafted CDF file,” reads the security notice.

Also, “it was discovered that the php_parserr function contains multiple buffer overflows. An attacker could use this flaw to cause a denial of service or possibly execute arbitrary code via crafted DNS records.”

These are the two vulnerabilities identified. For a more detailed description of the problems, see Canonical's security notification. Users have been advised to upgrade their systems as soon as possible.

The flaws can be fixed if you upgrade your system(s) to the latest php5-related packages specific to each distribution. To apply the patch, run the Update Manager application.

In general, a standard system update will make all the necessary changes. Users will, however, have to restart all Apache or php5-fpm instances afterwards, because processes that are already running keep using the old code until they are restarted.
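To confirm that the restart actually happened, the following added example (not part of Canonical's notice or of the original article) looks for processes that still map a php5 file replaced by the upgrade. It assumes a Linux `/proc` filesystem where the kernel marks a replaced file as `(deleted)` in `/proc/<pid>/maps`; the function names and the sample maps lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: find processes still running pre-upgrade php5 code.

# Read /proc/<pid>/maps-format text on stdin and print each distinct mapped
# file whose path contains "php5" and which the kernel marks "(deleted)".
stale_php_files() {
    awk '$NF == "(deleted)" && $(NF-1) ~ /php5/ { print $(NF-1) }' | sort -u
}

# Return 0 if the maps text on stdin shows a stale php5 mapping, 1 otherwise.
has_stale_php() {
    [ -n "$(stale_php_files)" ]
}

# Scan live processes (run as root to read other users' maps files).
# Prints "PID COMMAND FILE" for every stale mapping, nothing on a clean host.
scan_live() {
    for maps in /proc/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        pid=${maps#/proc/}
        pid=${pid%/maps}
        stale_php_files < "$maps" | while read -r f; do
            echo "$pid $(cat "/proc/$pid/comm" 2>/dev/null) $f"
        done
    done
}

# Constructed sample: an Apache worker that was started before the upgrade,
# so its mod_php mappings point at the replaced (unlinked) file.
SAMPLE_OLD='7f1c2a000000-7f1c2a8d1000 r-xp 00000000 08:01 393301 /usr/lib/apache2/modules/libphp5.so (deleted)
7f1c2aad0000-7f1c2ab7a000 rw-p 008d0000 08:01 393301 /usr/lib/apache2/modules/libphp5.so (deleted)
7f1c2b000000-7f1c2b1bb000 r-xp 00000000 08:01 262155 /lib/x86_64-linux-gnu/libc-2.19.so'

# Constructed sample: the same worker after Apache has been restarted.
SAMPLE_NEW='7f9d10000000-7f9d108d2000 r-xp 00000000 08:01 393412 /usr/lib/apache2/modules/libphp5.so
7f9d11000000-7f9d111bb000 r-xp 00000000 08:01 262155 /lib/x86_64-linux-gnu/libc-2.19.so
7ffd3c5f0000-7ffd3c611000 rw-p 00000000 00:00 0 [stack]'

# "sh thisfile --scan" checks the live system; without the flag the file
# only defines the functions and samples.
if [ "${1:-}" = "--scan" ]; then
    scan_live
fi
```

Any line printed by the `--scan` run names a process that still needs the restart described above.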