
Ubuntu alert USN-7153-1 (php7.0, php7.2)

From:  Julia Sarris <julia.sarris@canonical.com>
To:  ubuntu-security-announce@lists.ubuntu.com
Subject:  [USN-7153-1] PHP vulnerability
Date:  Thu, 12 Dec 2024 11:27:56 -0500
Message-ID:  <87a49218-0718-405c-8bdb-95321a3c92ce@canonical.com>

==========================================================================
Ubuntu Security Notice USN-7153-1
December 12, 2024

php7.0, php7.2 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

PHP could be made to overwrite files.

Software Description:
- php7.2: HTML-embedded scripting language interpreter
- php7.0: HTML-embedded scripting language interpreter

Details:

It was discovered that PHP incorrectly handled long string inputs in two
database drivers. An attacker could possibly use this issue to write files
in locations they would not normally have access to. (CVE-2024-11236)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
  libapache2-mod-php7.2           7.2.24-0ubuntu0.18.04.17+esm7
                                  Available with Ubuntu Pro
  libphp7.2-embed                 7.2.24-0ubuntu0.18.04.17+esm7
                                  Available with Ubuntu Pro
  php7.2                          7.2.24-0ubuntu0.18.04.17+esm7
                                  Available with Ubuntu Pro
  php7.2-common                   7.2.24-0ubuntu0.18.04.17+esm7
                                  Available with Ubuntu Pro
  php7.2-dev                      7.2.24-0ubuntu0.18.04.17+esm7
                                  Available with Ubuntu Pro
  php7.2-interbase                7.2.24-0ubuntu0.18.04.17+esm7
                                  Available with Ubuntu Pro
  php7.2-mysql                    7.2.24-0ubuntu0.18.04.17+esm7
                                  Available with Ubuntu Pro
  php7.2-pgsql                    7.2.24-0ubuntu0.18.04.17+esm7
                                  Available with Ubuntu Pro
  php7.2-sqlite3                  7.2.24-0ubuntu0.18.04.17+esm7
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  libapache2-mod-php7.0           7.0.33-0ubuntu0.16.04.16+esm13
                                  Available with Ubuntu Pro
  libphp7.0-embed                 7.0.33-0ubuntu0.16.04.16+esm13
                                  Available with Ubuntu Pro
  php7.0                          7.0.33-0ubuntu0.16.04.16+esm13
                                  Available with Ubuntu Pro
  php7.0-common                   7.0.33-0ubuntu0.16.04.16+esm13
                                  Available with Ubuntu Pro
  php7.0-dev                      7.0.33-0ubuntu0.16.04.16+esm13
                                  Available with Ubuntu Pro
  php7.0-interbase                7.0.33-0ubuntu0.16.04.16+esm13
                                  Available with Ubuntu Pro
  php7.0-mysql                    7.0.33-0ubuntu0.16.04.16+esm13
                                  Available with Ubuntu Pro
  php7.0-pgsql                    7.0.33-0ubuntu0.16.04.16+esm13
                                  Available with Ubuntu Pro
  php7.0-sqlite3                  7.0.33-0ubuntu0.16.04.16+esm13
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7153-1
  CVE-2024-11236


Attachment: None (type=text/html)

(HTML attachment elided)


Attachment: OpenPGP_0x401EFCBCDA0FF1BD.asc (type=application/pgp-keys)



Attachment: OpenPGP_signature.asc (type=application/pgp-signature)



Attachment: None (type=text/plain)
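An added example, not part of the notice or of any Canonical tooling: a check of installed package versions against the fixed versions listed above, using Debian version ordering (under which `+esm9` sorts before `+esm13`, unlike a plain string comparison). The helper names and the sample inventory are assumptions constructed for illustration; the input format is that of `dpkg-query -W -f='${Package} ${Version}\n'`.

```python
import re
from itertools import zip_longest

# Fixed versions copied from USN-7153-1, one per PHP series.
FIXED = {"php7.2": "7.2.24-0ubuntu0.18.04.17+esm7",    # Ubuntu 18.04 LTS
         "php7.0": "7.0.33-0ubuntu0.16.04.16+esm13"}   # Ubuntu 16.04 LTS
SUFFIXES = ["", "-common", "-dev", "-interbase", "-mysql", "-pgsql", "-sqlite3"]

def _key(s, n):
    # dpkg character order: '~' < end of string (0) < letters < everything else
    return [-1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256
            for c in s] + [0] * (n - len(s))

def _cmp_part(a, b):
    # Compare alternating (non-digit run, digit run) pairs, as dpkg does.
    runs = lambda s: re.findall(r"(\D*)(\d*)", s)
    for (sa, da), (sb, db) in zip_longest(runs(a), runs(b), fillvalue=("", "")):
        n = max(len(sa), len(sb))
        ka, kb = (_key(sa, n), int(da or 0)), (_key(sb, n), int(db or 0))
        if ka != kb:
            return -1 if ka < kb else 1
    return 0

def deb_cmp(v1, v2):
    """Return -1, 0 or 1 per Debian ordering of [epoch:]upstream[-revision]."""
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        up, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
        return int(epoch), up, rev
    (e1, u1, r1), (e2, u2, r2) = split(v1), split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_part(u1, u2) or _cmp_part(r1, r2)

def unpatched(dpkg_output):
    """Packages named in the notice whose installed version is below the fix."""
    table = {n: v for s, v in FIXED.items() for n in
             [f"libapache2-mod-{s}", f"lib{s}-embed"] + [s + x for x in SUFFIXES]}
    hits = []
    for line in dpkg_output.splitlines():
        pkg, _, ver = line.strip().partition(" ")
        if pkg in table and deb_cmp(ver, table[pkg]) < 0:
            hits.append(pkg)
    return hits

# Constructed sample inventory; the +esm6 and +esm9 versions are illustrative.
SAMPLE = """php7.2-common 7.2.24-0ubuntu0.18.04.17+esm6
php7.2-mysql 7.2.24-0ubuntu0.18.04.17+esm7
libapache2-mod-php7.0 7.0.33-0ubuntu0.16.04.16+esm9
php7.0 7.0.33-0ubuntu0.16.04.16+esm13"""
```

On a live host, `dpkg --compare-versions` performs the same comparison; the pure-Python version is useful when auditing inventories exported from many machines.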




Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds