Monday, September 9, 2024

[USN-6841-2] PHP vulnerability

-----BEGIN PGP SIGNATURE-----

wsD5BAABCAAjFiEEcxdv4gCCE8W9nrt5a1+PL+d1/EgFAmbfC6AFAwAAAAAACgkQa1+PL+d1/EgO
4gv+Lhn4/kmdHtF7rcYWd0+YYGz6vb6ZkJvMC3wmxVLAFaB0r8r6Lintn4pk6qPOU1vG1+9zBAQc
x7fmxwP3hNt84jr1OMpCguRfpVvmn7/9DAoEGD8S6Yb8pU+0O5rS6/Ovflu4FoKKDIqDLXs1pXFG
QTmFt837GLh8iJc5TDqxifsvbPyhcWpEUSIaNeX8Nak+xDeDiDJSOoSChCLyJaMdG9K2Pqv7AfLD
Rc8lP6WdBwgTaolrK7ZAtdj1IONqEGVtRK2D1pZRM5BqpYmJ3BBUfNRwXtBeT6d59Bovx77pQzEc
jKhbSR3O03/QcAG1P9d31WDG75ROVIsBwNfTrQ5kxzDc/mA6WDTRptOTfKTG9jt5+u7f/weYBlhj
Jah1Wtur96fTZy8XBLtX8d8YacRnl9/XMQUTBA3DYfpWry8k8xRQ+DTpRhXp8u+NlgqMj1qJQ2lN
3/P0vIG6MqynY/G9fs14DrS2GRzWkLyEXKP66wcmN78J4trzL/e/PPw6Ixuq
=x2eH
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-6841-2
September 09, 2024

php7.0, php7.2 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

PHP could be made to accept invalid URLs.

Software Description:
- php7.2: HTML-embedded scripting language interpreter
- php7.0: HTML-embedded scripting language interpreter

Details:

USN-6841-1 fixed a vulnerability in PHP. This update provides the
corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:

 It was discovered that PHP could early return in the filter_var function
 resulting in invalid user information being treated as valid user
 information. An attacker could possibly use this issue to expose raw
 user input information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
  libapache2-mod-php7.2           7.2.24-0ubuntu0.18.04.17+esm5
                                  Available with Ubuntu Pro
  php7.2                          7.2.24-0ubuntu0.18.04.17+esm5
                                  Available with Ubuntu Pro
  php7.2-cgi                      7.2.24-0ubuntu0.18.04.17+esm5
                                  Available with Ubuntu Pro
  php7.2-cli                      7.2.24-0ubuntu0.18.04.17+esm5
                                  Available with Ubuntu Pro
  php7.2-fpm                      7.2.24-0ubuntu0.18.04.17+esm5
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  libapache2-mod-php7.0           7.0.33-0ubuntu0.16.04.16+esm11
                                  Available with Ubuntu Pro
  php7.0                          7.0.33-0ubuntu0.16.04.16+esm11
                                  Available with Ubuntu Pro
  php7.0-cgi                      7.0.33-0ubuntu0.16.04.16+esm11
                                  Available with Ubuntu Pro
  php7.0-cli                      7.0.33-0ubuntu0.16.04.16+esm11
                                  Available with Ubuntu Pro
  php7.0-fpm                      7.0.33-0ubuntu0.16.04.16+esm11
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6841-2
  https://ubuntu.com/security/notices/USN-6841-1
  CVE-2024-5458

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)