php5 - server-side, HTML-embedded scripting language (metapackage)

Property Value
Distribution Ubuntu 14.04 LTS (Trusty Tahr)
Repository Ubuntu Updates Main i386
Package name php5
Package version 5.5.9+dfsg
Package release 1ubuntu4.26
Package architecture all
Package type deb
Installed size 29 B
Download size 1.28 KB
Official Mirror
This package is a metapackage that, when installed, guarantees that you
have at least one of the four server-side versions of the PHP5 interpreter
installed. Removing this package won't remove PHP5 from your system, however
it may remove other packages that depend on this one.
PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used
open source general-purpose scripting language that is especially suited
for web development and can be embedded into HTML.


Package Version Architecture Repository
php5_5.5.9+dfsg-1ubuntu4.26_all.deb 5.5.9+dfsg all Ubuntu Updates Main
php5_5.5.9+dfsg-1ubuntu4_all.deb 5.5.9+dfsg all Ubuntu Main
php5_5.5.9+dfsg-1ubuntu4_all.deb 5.5.9+dfsg all Ubuntu Main
php5 - - -


Name Value
libapache2-mod-php5 >= 5.5.9+dfsg-1ubuntu4.26
libapache2-mod-php5filter >= 5.5.9+dfsg-1ubuntu4.26
php5-cgi >= 5.5.9+dfsg-1ubuntu4.26
php5-common >= 5.5.9+dfsg-1ubuntu4.26
php5-fpm >= 5.5.9+dfsg-1ubuntu4.26


Type URL
Binary Package php5_5.5.9+dfsg-1ubuntu4.26_all.deb
Source Package php5

Install Howto

  1. Update the package index:
    # sudo apt-get update
  2. Install php5 deb package:
    # sudo apt-get install php5




2018-09-17 - Marc Deslauriers <>
php5 (5.5.9+dfsg-1ubuntu4.26) trusty-security; urgency=medium
* SECURITY UPDATE: denial of service in exif parsing
- debian/patches/CVE-2018-14851.patch: check length in ext/exif/exif.c.
- CVE-2018-14851
* SECURITY UPDATE: denial of service in exif parsing
- debian/patches/CVE-2018-14883.patch: check length in ext/exif/exif.c.
- CVE-2018-14883
* SECURITY UPDATE: XSS due to the header Transfer-Encoding: chunked
- debian/patches/bug76582.patch: clean up brigade in
- No CVE number
2018-05-10 - Marc Deslauriers <>
php5 (5.5.9+dfsg-1ubuntu4.25) trusty-security; urgency=medium
* SECURITY UPDATE: opcache access controls bypass
- debian/patches/CVE-2018-10545.patch: do not set PR_SET_DUMPABLE by
default in sapi/fpm/fpm/fpm_conf.c, sapi/fpm/fpm/fpm_conf.h,
sapi/fpm/fpm/fpm_unix.c, sapi/fpm/
- CVE-2018-10545
* SECURITY UPDATE: infinite loop in iconv stream filter
- debian/patches/CVE-2018-10546-1.patch: fail on invalid sequences in
ext/iconv/iconv.c, ext/iconv/tests/bug76249.phpt.
- debian/patches/CVE-2018-10546-2.patch: fix tsrm_ls in
- CVE-2018-10546
* SECURITY UPDATE: XSS on PHAR error pages
- debian/patches/CVE-2018-10547.patch: remove potential unfiltered
outputs in ext/phar/phar_object.c, fix tests in ext/phar/tests/*.
- CVE-2018-10547
* SECURITY UPDATE: DoS via ldap_get_dn return value mishandling
- debian/patches/CVE-2018-10548.patch: check dn in ext/ldap/ldap.c,
add test to ext/ldap/tests/bug76248.phpt.
- CVE-2018-10548
2018-03-15 - Marc Deslauriers <>
php5 (5.5.9+dfsg-1ubuntu4.24) trusty-security; urgency=medium
* SECURITY UPDATE: stream_get_meta_data issue
- debian/patches/CVE-2016-10712.patch: properly handle metadata in
ext/standard/streamsfuncs.c, ext/standard/tests/*,
- debian/patches/CVE-2016-10712-2.patch: fix various tests.
- CVE-2016-10712
* SECURITY UPDATE: stack-based under-read in HTTP response parsing
- debian/patches/CVE-2018-7584.patch: prevent reading beyond buffer
start in ext/standard/http_fopen_wrapper.c,
- CVE-2018-7584
2018-02-08 - Marc Deslauriers <>
php5 (5.5.9+dfsg-1ubuntu4.23) trusty-security; urgency=medium
* SECURITY UPDATE: buffer over-read while unserializing untrusted data
- debian/patches/CVE-2017-12933.patch: add check to
ext/standard/var_unserializer.*, add test to
ext/standard/tests/serialize/bug74111.phpt, adjust test in
- CVE-2017-12933
* SECURITY UPDATE: information leak in php_parse_date function
- debian/patches/CVE-2017-16642.patch: fix backof/frontof in
ext/date/lib/parse_date.*, fix test in
ext/date/tests/bug53437_var3.phpt, added test to
- CVE-2017-16642
- debian/patches/CVE-2018-5712.patch: remove file name from output to
avoid XSS in ext/phar/shortarc.php, ext/phar/stub.h, fix tests in
- CVE-2018-5712
* SECURITY REGRESSION: exif_read_data broken (LP: #1633031)
- debian/patches/CVE-2016-6291-regression.patch: add DJI signatures to
the MAKERNOTE and its supported tags in ext/exif/exif.c.

See Also

Package Description
pidgin-data_2.10.9-0ubuntu3.4_all.deb multi-protocol instant messaging client - data files
pidgin-dev_2.10.9-0ubuntu3.4_all.deb multi-protocol instant messaging client - development files
pidgin_2.10.9-0ubuntu3.4_i386.deb graphical multi-protocol instant messaging client for X
pkg-create-dbgsym_0.67~trusty_all.deb automatically build debug symbol ddeb packages
plymouth-label_0.8.8-0ubuntu17.2_i386.deb graphical boot animation and logger - label control
plymouth-theme-ubuntu-logo_0.8.8-0ubuntu17.2_i386.deb graphical boot animation and logger - ubuntu-logo theme
plymouth-theme-ubuntu-text_0.8.8-0ubuntu17.2_i386.deb graphical boot animation and logger - ubuntu-logo theme
plymouth_0.8.8-0ubuntu17.2_i386.deb graphical boot animation and logger - main package
pm-utils_1.4.1-13ubuntu0.2_all.deb utilities and scripts for power management
policykit-1-doc_0.105-4ubuntu3.14.04.5_all.deb documentation for PolicyKit-1
policykit-1_0.105-4ubuntu3.14.04.5_i386.deb framework for managing administrative policies and privileges
pollinate_4.33-0ubuntu1~14.04.1_all.deb seed the pseudo random number generator
poppler-utils_0.24.5-2ubuntu4.14_i386.deb PDF utilities (based on Poppler)
postfix-cdb_2.11.0-1ubuntu1.2_i386.deb CDB map support for Postfix
postfix-dev_2.11.0-1ubuntu1.2_all.deb Loadable modules development environment for Postfix