A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
libapache2-mod-php4 php4-cgi php4-curl
The problem can be corrected by upgrading the affected package to version 4:4.3.8-3ubuntu7.3. In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
FraMe from kernelpanik.org reported that the cURL module does not respect open_basedir restrictions. As a result, scripts which used cURL to open files with an user-specified path could read arbitrary local files outside of the open_basedir directory.
Stefano Di Paola discovered a vulnerability in PHP's shmop_write() function. Its "offset" parameter was not checked for negative values, which allowed an attacker to write arbitrary data to arbitrary memory locations. A script which passed unchecked parameters to shmop_write() could possibly be exploited to execute arbitrary code with the privileges of the web server and to bypass safe mode restrictions.