14 DAY TRIAL // Canonical revealed details about PHP exploits that have been found and fixed in Ubuntu 14.10, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS, and Ubuntu 10.04 LTS.
Ubuntu maintainers have updated the PHP package in the official repositories, and all the supported OSes should now have access to the latest version of PHP. It's not a major update, but users should upgrade nonetheless.
"Paulos Yibelo discovered that PHP incorrectly handled moving files when a pathname contained a null character. A remote attacker could use this issue to bypass possibly filename restrictions. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 14.10. Also, it was discovered that PHP incorrectly handled cleanup when used with Apache 2.4 ," reads the security notice.
This is just one of the vulnerabilities found and fixed. For a more detailed description of the problems, you can see Canonical's security notification. Users have been advised to upgrade their systems as soon as possible.
The flaws can be fixed if you upgrade your system to the latest php5 package specific to each distribution. To apply the patch, users will have to run the Update Manager application. In general, a standard system update will make all the necessary changes, and there is no need for a restart.