==========================================================================
Ubuntu Security Notice USN-7153-1
December 12, 2024
php7.0, php7.2 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
PHP could be made to overwrite files.
Software Description:
- php7.2: HTML-embedded scripting language interpreter
- php7.0: HTML-embedded scripting language interpreter
Details:
It was discovered that PHP incorrectly handled long string inputs
in two database drivers. An attacker could possibly use this
issue to write files in locations they would not normally have
access to. (CVE-2024-11236)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS
libapache2-mod-php7.2 7.2.24-0ubuntu0.18.04.17+esm7
Available with Ubuntu Pro
libphp7.2-embed 7.2.24-0ubuntu0.18.04.17+esm7
Available with Ubuntu Pro
php7.2 7.2.24-0ubuntu0.18.04.17+esm7
Available with Ubuntu Pro
php7.2-common 7.2.24-0ubuntu0.18.04.17+esm7
Available with Ubuntu Pro
php7.2-dev 7.2.24-0ubuntu0.18.04.17+esm7
Available with Ubuntu Pro
php7.2-interbase 7.2.24-0ubuntu0.18.04.17+esm7
Available with Ubuntu Pro
php7.2-mysql 7.2.24-0ubuntu0.18.04.17+esm7
Available with Ubuntu Pro
php7.2-pgsql 7.2.24-0ubuntu0.18.04.17+esm7
Available with Ubuntu Pro
php7.2-sqlite3 7.2.24-0ubuntu0.18.04.17+esm7
Available with Ubuntu Pro
Ubuntu 16.04 LTS
libapache2-mod-php7.0 7.0.33-0ubuntu0.16.04.16+esm13
Available with Ubuntu Pro
libphp7.0-embed 7.0.33-0ubuntu0.16.04.16+esm13
Available with Ubuntu Pro
php7.0 7.0.33-0ubuntu0.16.04.16+esm13
Available with Ubuntu Pro
php7.0-common 7.0.33-0ubuntu0.16.04.16+esm13
Available with Ubuntu Pro
php7.0-dev 7.0.33-0ubuntu0.16.04.16+esm13
Available with Ubuntu Pro
php7.0-interbase 7.0.33-0ubuntu0.16.04.16+esm13
Available with Ubuntu Pro
php7.0-mysql 7.0.33-0ubuntu0.16.04.16+esm13
Available with Ubuntu Pro
php7.0-pgsql 7.0.33-0ubuntu0.16.04.16+esm13
Available with Ubuntu Pro
php7.0-sqlite3 7.0.33-0ubuntu0.16.04.16+esm13
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7153-1
CVE-2024-11236