==========================================================Ubuntu Security Notice USN-105-1 April 05, 2005
php4 vulnerabilities CAN-2005-0524, CAN-2005-0525
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
The problem can be corrected by upgrading the affected package to
version 4:4.3.8-3ubuntu7.7. In general, a standard system upgrade is
sufficient to effect the necessary changes.
Two Denial of Service vulnerabilities have been discovered in the
getimagesize() function. getimagesize() uses format specific internal
functions php_handle_iff() and php_handle_jpeg() which get stuck in
infinite loops when certain (invalid) size parameters are read from
the image. In web applications that allow users to upload arbitrary
image files, a remote attacker could render the server unavailable by
uploading specially crafted images.