[USN-7157-3] PHP vulnerabilities

Wed, 29 Jan 2025 09:04:25 -0800 

==========================================================================

Ubuntu Security Notice USN-7157-3
January 29, 2025

php7.0 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in PHP.

Software Description:
- php7.0: HTML-embedded scripting language interpreter

Details:

USN-7157-1 fixed vulnerabilities in PHP versions 7.4, 8.1, and 8.3.
This update provides the corresponding updates for PHP version 7.0.

Original advisory details:

 It was discovered that PHP incorrectly handled certain inputs when
 processed with convert.quoted-printable decode filters.
 An attacker could possibly use this issue to expose sensitive
 information or cause a crash. (CVE-2024-11233)

 It was discovered that PHP incorrectly handled certain HTTP requests.
 An attacker could possibly use this issue to performing arbitrary
 HTTP requests originating from the server, thus potentially
 gaining access to resources not normally available to the external
 user. (CVE-2024-11234)

 It was discovered that PHP incorrectly handled certain inputs.
 An attacker could possibly use this issue to cause a crash or
 execute arbitrary code. (CVE-2024-8932)

 It was discovered that PHP incorrectly handled certain MySQL requests.
 An attacker could possibly use this issue to cause the client to
 disclose the content of its heap containing data from other SQL requests
 and possible other data belonging to different users of the same server.
 (CVE-2024-8929)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS
  libapache2-mod-php7.0           7.0.33-0ubuntu0.16.04.16+esm14
                                  Available with Ubuntu Pro
  php7.0                          7.0.33-0ubuntu0.16.04.16+esm14
                                  Available with Ubuntu Pro
  php7.0-cgi                      7.0.33-0ubuntu0.16.04.16+esm14
                                  Available with Ubuntu Pro
  php7.0-cli                      7.0.33-0ubuntu0.16.04.16+esm14
                                  Available with Ubuntu Pro
  php7.0-ldap                     7.0.33-0ubuntu0.16.04.16+esm14
                                  Available with Ubuntu Pro
  php7.0-mysql                    7.0.33-0ubuntu0.16.04.16+esm14
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7157-3 <https://ubuntu.com/security/notices/USN-7157-3> https://ubuntu.com/security/notices/USN-7157-2 <https://ubuntu.com/security/notices/USN-7157-2> https://ubuntu.com/security/notices/USN-7157-1 <https://ubuntu.com/security/notices/USN-7157-1> 
  CVE-2024-11233, CVE-2024-11234, CVE-2024-8929, CVE-2024-8932

Attachment: OpenPGP_0x401EFCBCDA0FF1BD.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature














    











					Reply via email to