Thursday, February 27, 2025

[USN-7049-3] PHP vulnerabilities

-----BEGIN PGP SIGNATURE-----

wsD5BAABCAAjFiEEcxdv4gCCE8W9nrt5a1+PL+d1/EgFAmfAJ/0FAwAAAAAACgkQa1+PL+d1/Ej+
oQwAkZtYXyKKC/TUXFwkkxKmeX7vPIZjK6QsLvAh22tfQRwKzJzEWBuxU9jr8gTQ9SDISKmKzJFd
aXrC1OKGKgHI01QLkG+wPiVECQ2S9+MxWDPlpJTBaQ7gyk37XdKKm4L6WCtrmIvI0ibIdm6z5o4j
qMtn4pMSgbT88NbwzqmzuQy60njmU1+CjRg3LKnOMH+c3z4WQsPw/v4SmArsBc8tBbKE8gdGghOV
LCFa7T/LhfviETqgDfg9FHro1YJWUYND+t9gu9dE+Pc46M2DTVfOcwfnNgf4h3pZoJlwAQOBqctv
58im4aB1+qbue00Vqn0FJgq6vMS7WGOti6h8nkbKp2vUNpOAvoikoo2F4rM0pbRzVS8fd9rba9z1
/EUQK8lFazzk/w9tRy4NbzucVMPsJ/W2+lNz41kBbObiZtC1gCDIvgYD4V+0O925OcwX8dGuUwiJ
qOOWRPJCo9KDN8tLo0lOVRwlBahA2f6C2kZij2wEYyTinci7bEMmHl3ldgh7
=l06m
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7049-3
February 26, 2025

php5 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in PHP.

Software Description:
- php5: HTML-embedded scripting language interpreter

Details:

USN-7049-1 fixed vulnerabilities in PHP. This update
provides the corresponding updates for Ubuntu 14.04 LTS.

Original advisory details:

 It was discovered that PHP incorrectly handled parsing multipart form
 data.A remote attacker could possibly use this issue to inject payloads
 and cause PHP to ignore legitimate data. (CVE-2024-8925)

 It was discovered that PHP incorrectly handled the cgi.force_redirect
 configuration option due to environment variable collisions. In certain
 configurations, an attacker could possibly use this issue bypass
 force_redirect restrictions. (CVE-2024-8927)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS
  libapache2-mod-php5             5.5.9+dfsg-1ubuntu4.29+esm16
                                  Available with Ubuntu Pro
  php5                            5.5.9+dfsg-1ubuntu4.29+esm16
                                  Available with Ubuntu Pro
  php5-cgi                        5.5.9+dfsg-1ubuntu4.29+esm16
                                  Available with Ubuntu Pro
  php5-cli                        5.5.9+dfsg-1ubuntu4.29+esm16
                                  Available with Ubuntu Pro
  php5-fpm                        5.5.9+dfsg-1ubuntu4.29+esm16
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7049-3
  https://ubuntu.com/security/notices/USN-7049-2
  https://ubuntu.com/security/notices/USN-7049-1
  CVE-2024-8925, CVE-2024-8927

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)