All the supported Ubuntu OSes were affected

Jul 8, 2015 14:17 GMT

Canonical has published details in a security notice about some PHP vulnerabilities that were found and repaired in Ubuntu 15.04, Ubuntu 14.10, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS OSes.

The Ubuntu maintainers have been quick to upgrade the PHP package in all the supported OSes in order to correct a large number of issues that were identified upstream.

According to the security notice, "It was discovered that the PHP Fileinfo component incorrectly handled certain files. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. This issue only affected Ubuntu 15.04. Also, Andrea Palazzo discovered that the PHP Soap client incorrectly validated that the uri property is a string. A remote attacker could use this issue with crafted serialized data to possibly obtain sensitive information."

These are only some of the issues found. For a more detailed description of the problems, you can check Canonical's security notification. To fix the issues, Ubuntu users have been advised to upgrade their systems.

The flaws can be fixed by upgrading your system(s) to the latest php5 and php5-related packages, specific to each distribution. To apply the patch, users can simply run the Update Manager application.

If you don't want to use the Software Updater, you can open a terminal and enter the following commands (you will need root privileges):

sudo apt-get update
sudo apt-get dist-upgrade