Ubuntu alert USN-6305-3 (php7.0 and php7.2)
From: "Leonidas S. Barbosa" <leo.barbosa@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-6305-3] PHP regression
Date: Wed, 03 Jul 2024 18:12:45 -0300
Message-ID: <20240703211245.GA3066316@d4rkl41n>

==========================================================================
Ubuntu Security Notice USN-6305-3
July 03, 2024

php7.0 and php7.2 regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

USN-6305-2 caused a regression in parsing XML.

Software Description:
- php7.2: HTML-embedded scripting language interpreter
- php7.0: HTML-embedded scripting language interpreter

Details:

USN-6305-2 fixed a vulnerability in PHP. The update caused
a regression in Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
This update fixes it.

Original advisory details:

 It was discovered that PHP incorrectly handled certain XML files. An
 attacker could possibly use this issue to expose sensitive information.
 (CVE-2023-3823)

 It was discovered that PHP incorrectly handled certain PHAR files. An
 attacker could possibly use this issue to cause a crash, expose sensitive
 information or execute arbitrary code. (CVE-2023-3824)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
  php7.2          7.2.24-0ubuntu0.18.04.17+esm4   Available with Ubuntu Pro
  php7.2-cgi      7.2.24-0ubuntu0.18.04.17+esm4   Available with Ubuntu Pro
  php7.2-cli      7.2.24-0ubuntu0.18.04.17+esm4   Available with Ubuntu Pro
  php7.2-fpm      7.2.24-0ubuntu0.18.04.17+esm4   Available with Ubuntu Pro
  php7.2-xml      7.2.24-0ubuntu0.18.04.17+esm4   Available with Ubuntu Pro
  php7.2-xmlrpc   7.2.24-0ubuntu0.18.04.17+esm4   Available with Ubuntu Pro

Ubuntu 16.04 LTS
  php7.0          7.0.33-0ubuntu0.16.04.16+esm10  Available with Ubuntu Pro
  php7.0-cgi      7.0.33-0ubuntu0.16.04.16+esm10  Available with Ubuntu Pro
  php7.0-cli      7.0.33-0ubuntu0.16.04.16+esm10  Available with Ubuntu Pro
  php7.0-fpm      7.0.33-0ubuntu0.16.04.16+esm10  Available with Ubuntu Pro
  php7.0-xml      7.0.33-0ubuntu0.16.04.16+esm10  Available with Ubuntu Pro
  php7.0-xmlrpc   7.0.33-0ubuntu0.16.04.16+esm10  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6305-3
  https://ubuntu.com/security/notices/USN-6305-1
  https://launchpad.net/bugs/2071768
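One way to check a host against the package versions listed in this notice, as an added example that is not part of the Ubuntu notice: it applies Debian version ordering (so `+esm10` sorts after `+esm9`, which a plain string comparison gets wrong) to `dpkg-query -W` style output. The helper names and the sample listing are constructed for illustration.

```python
import re

# Added example; helper names are illustrative. Fixed versions are from this notice.
FIXED_VERSION = {"php7.2": "7.2.24-0ubuntu0.18.04.17+esm4",
                 "php7.0": "7.0.33-0ubuntu0.16.04.16+esm10"}
SUFFIXES = ("", "-cgi", "-cli", "-fpm", "-xml", "-xmlrpc")
FIXED = {b + s: v for b, v in FIXED_VERSION.items() for s in SUFFIXES}

def _order(c):
    # dpkg order: '~' sorts first, then end of string, then letters, then other symbols.
    if c in ("", "~"):
        return -1 if c else 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Compare alternating non-digit and digit runs; digit runs compare numerically.
    while a or b:
        na, nb = re.match(r"[^0-9]*", a).group(), re.match(r"[^0-9]*", b).group()
        for i in range(max(len(na), len(nb))):
            ca, cb = _order(na[i:i + 1]), _order(nb[i:i + 1])
            if ca != cb:
                return -1 if ca < cb else 1
        a, b = a[len(na):], b[len(nb):]
        da, db = re.match(r"[0-9]*", a).group(), re.match(r"[0-9]*", b).group()
        ia, ib = int(da or 0), int(db or 0)
        if ia != ib:
            return -1 if ia < ib else 1
        a, b = a[len(da):], b[len(db):]
    return 0

def deb_compare(v1, v2):
    """Return -1, 0 or 1 following Debian version ordering (epoch, upstream, revision)."""
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        return (epoch, *(rest.rsplit("-", 1) if "-" in rest else (rest, "")))
    return next((r for r in map(_cmp_part, split(v1), split(v2)) if r), 0)

def outdated(listing):
    """Map package -> installed version for this notice's packages below the fix."""
    found = {}
    for pkg, ver in (l.split() for l in listing.splitlines() if len(l.split()) == 2):
        pkg = pkg.split(":")[0]  # drop an architecture qualifier such as :amd64
        if pkg in FIXED and deb_compare(ver, FIXED[pkg]) < 0:
            found[pkg] = ver
    return found

# Constructed sample of `dpkg-query -W` output (not taken from the notice).
SAMPLE = ("php7.2-cli\t7.2.24-0ubuntu0.18.04.17+esm3\n"
          "php7.2-xml:amd64\t7.2.24-0ubuntu0.18.04.17+esm4\n"
          "php7.0-fpm\t7.0.33-0ubuntu0.16.04.16+esm9\n")
```

Calling `outdated()` on the real output of `dpkg-query -W` returns only the packages from this notice that are still below the fixed version.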
