Ubuntu alert USN-6841-1 (php7.4, php8.1, php8.2, php8.3)
From: "Leonidas S. Barbosa" <leo.barbosa@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-6841-1] PHP vulnerability
Date: Wed, 19 Jun 2024 10:22:24 -0300
Message-ID: <20240619132224.GA262967@d4rkl41n>

==========================================================================
Ubuntu Security Notice USN-6841-1
June 19, 2024

php7.4, php8.1, php8.2, php8.3 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

PHP could be made to accept invalid URLs.

Software Description:
- php8.3: server-side, HTML-embedded scripting language (metapackage)
- php8.2: server-side, HTML-embedded scripting language (metapackage)
- php8.1: HTML-embedded scripting language interpreter
- php7.4: HTML-embedded scripting language interpreter

Details:

It was discovered that PHP could early return in the filter_var function
resulting in invalid user information being treated as valid user
information. An attacker could possibly use this issue to expose raw
user input information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  libapache2-mod-php8.3           8.3.6-0ubuntu0.24.04.1
  php8.3                          8.3.6-0ubuntu0.24.04.1
  php8.3-cgi                      8.3.6-0ubuntu0.24.04.1
  php8.3-cli                      8.3.6-0ubuntu0.24.04.1
  php8.3-fpm                      8.3.6-0ubuntu0.24.04.1

Ubuntu 23.10
  libapache2-mod-php8.2           8.2.10-2ubuntu2.2
  php8.2                          8.2.10-2ubuntu2.2
  php8.2-cgi                      8.2.10-2ubuntu2.2
  php8.2-cli                      8.2.10-2ubuntu2.2
  php8.2-fpm                      8.2.10-2ubuntu2.2

Ubuntu 22.04 LTS
  libapache2-mod-php8.1           8.1.2-1ubuntu2.18
  php8.1                          8.1.2-1ubuntu2.18
  php8.1-cgi                      8.1.2-1ubuntu2.18
  php8.1-cli                      8.1.2-1ubuntu2.18
  php8.1-fpm                      8.1.2-1ubuntu2.18

Ubuntu 20.04 LTS
  libapache2-mod-php7.4           7.4.3-4ubuntu2.23
  php7.4                          7.4.3-4ubuntu2.23
  php7.4-cgi                      7.4.3-4ubuntu2.23
  php7.4-cli                      7.4.3-4ubuntu2.23
  php7.4-fpm                      7.4.3-4ubuntu2.23

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6841-1
  CVE-2024-5458

Package Information:
  https://launchpad.net/ubuntu/+source/php8.3/8.3.6-0ubuntu...
  https://launchpad.net/ubuntu/+source/php8.2/8.2.10-2ubunt...
  https://launchpad.net/ubuntu/+source/php8.1/8.1.2-1ubuntu...
  https://launchpad.net/ubuntu/+source/php7.4/7.4.3-4ubuntu...