Ubuntu alert USN-7049-3 (php5)

From:
             
 
Ian Constantin <ian.constantin@canonical.com>
To:
             
 
ubuntu-security-announce@lists.ubuntu.com
Subject:
             
 
[USN-7049-3] PHP vulnerabilities
Date:
             
 
Thu, 27 Feb 2025 10:53:17 +0200
Message-ID:
             
 
<0a9cfb04-b049-456a-b933-c8da13dfe9a2@canonical.com>
==========================================================================
Ubuntu Security Notice USN-7049-3
February 26, 2025

php5 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in PHP.

Software Description:
- php5: HTML-embedded scripting language interpreter

Details:

USN-7049-1 fixed vulnerabilities in PHP. This update
provides the corresponding updates for Ubuntu 14.04 LTS.

Original advisory details:

  It was discovered that PHP incorrectly handled parsing multipart form
  data.A remote attacker could possibly use this issue to inject payloads
  and cause PHP to ignore legitimate data. (CVE-2024-8925)

  It was discovered that PHP incorrectly handled the cgi.force_redirect
  configuration option due to environment variable collisions. In certain
  configurations, an attacker could possibly use this issue bypass
  force_redirect restrictions. (CVE-2024-8927)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS
   libapache2-mod-php5             5.5.9+dfsg-1ubuntu4.29+esm16
                                   Available with Ubuntu Pro
   php5                            5.5.9+dfsg-1ubuntu4.29+esm16
                                   Available with Ubuntu Pro
   php5-cgi                        5.5.9+dfsg-1ubuntu4.29+esm16
                                   Available with Ubuntu Pro
   php5-cli                        5.5.9+dfsg-1ubuntu4.29+esm16
                                   Available with Ubuntu Pro
   php5-fpm                        5.5.9+dfsg-1ubuntu4.29+esm16
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-7049-3
   https://ubuntu.com/security/notices/USN-7049-2
   https://ubuntu.com/security/notices/USN-7049-1
   CVE-2024-8925, CVE-2024-8927



Attachment: OpenPGP_signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE-----

wsD5BAABCAAjFiEEcxdv4gCCE8W9nrt5a1+PL+d1/EgFAmfAJ/0FAwAAAAAACgkQa1+PL+d1/Ej+
oQwAkZtYXyKKC/TUXFwkkxKmeX7vPIZjK6QsLvAh22tfQRwKzJzEWBuxU9jr8gTQ9SDISKmKzJFd
aXrC1OKGKgHI01QLkG+wPiVECQ2S9+MxWDPlpJTBaQ7gyk37XdKKm4L6WCtrmIvI0ibIdm6z5o4j
qMtn4pMSgbT88NbwzqmzuQy60njmU1+CjRg3LKnOMH+c3z4WQsPw/v4SmArsBc8tBbKE8gdGghOV
LCFa7T/LhfviETqgDfg9FHro1YJWUYND+t9gu9dE+Pc46M2DTVfOcwfnNgf4h3pZoJlwAQOBqctv
58im4aB1+qbue00Vqn0FJgq6vMS7WGOti6h8nkbKp2vUNpOAvoikoo2F4rM0pbRzVS8fd9rba9z1
/EUQK8lFazzk/w9tRy4NbzucVMPsJ/W2+lNz41kBbObiZtC1gCDIvgYD4V+0O925OcwX8dGuUwiJ
qOOWRPJCo9KDN8tLo0lOVRwlBahA2f6C2kZij2wEYyTinci7bEMmHl3ldgh7
=l06m
-----END PGP SIGNATURE-----


Attachment: None (type=text/plain)