PublicDateAtUSN: 2012-02-01
Candidate: CVE-2012-0057
PublicDate: 2012-02-02 00:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0057
 https://ubuntu.com/security/notices/USN-1358-1
Description:
 PHP before 5.3.9 has improper libxslt security settings, which allows
 remote attackers to create arbitrary files via a crafted XSLT stylesheet
 that uses the libxslt output extension.
Ubuntu-Description:
Notes:
 jdstrand> watch out for Debian regression (658087) for DSA-2399-1 in php5-xsl
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=656308
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=658087
Priority: medium
Discovered-by:
Assigned-to: sbeattie
CVSS:

Patches_php5:
 upstream: http://svn.php.net/viewvc/?view=revision&revision=317759
 upstream: http://svn.php.net/viewvc/?view=revision&revision=317801
 upstream: http://svn.php.net/viewvc/?view=revision&revision=317953
 vendor: http://www.debian.org/security/2012/dsa-2399
 vendor: http://www.debian.org/security/2012/dsa-2399-2
upstream_php5: released (5.3.9-1)
hardy_php5: released (5.2.4-2ubuntu5.22)
lucid_php5: released (5.3.2-1ubuntu4.13)
maverick_php5: released (5.3.3-1ubuntu9.9)
natty_php5: released (5.3.5-1ubuntu7.6)
oneiric_php5: released (5.3.6-13ubuntu3.5)
devel_php5: not-affected (5.3.10-1ubuntu1)