• PHP vulnerabilities

    From bugz_ubuntu@21:4/110 to Ubuntu Users on Wed Jan 15 17:10:07 2020
    php5, php7.0, php7.2, php7.3 vulnerabilities

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 19.10
    * Ubuntu 19.04
    * Ubuntu 18.04 LTS
    * Ubuntu 16.04 LTS
    * Ubuntu 14.04 ESM
    * Ubuntu 12.04 ESM

    Summary

    Several security issues were fixed in PHP.

    Software Description

    * php7.3 - server-side, HTML-embedded scripting language
    (metapackage)
    * php7.2 - HTML-embedded scripting language interpreter
    * php7.0 - HTML-embedded scripting language interpreter
    * php5 - HTML-embedded scripting language interpreter

    Details

    It was discovered that PHP incorrectly handled certain files. An
    attacker could possibly use this issue to cause a denial of
    service. This issue only affected Ubuntu 14.04 ESM, 16.04 LTS,
    18.04 LTS, 19.04 and 19.10. (CVE-2019-11045)

    It was discovered that PHP incorrectly handled certain inputs. An
    attacker could possibly use this issue to expose sensitive
    information. (CVE-2019-11046)

    It was discovered that PHP incorrectly handled certain images. An
    attacker could possibly use this issue to access sensitive
    information. (CVE-2019-11047, CVE-2019-11050)

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 19.10
    libapache2-mod-php7.3 - 7.3.11-0ubuntu0.19.10.2
    php7.3-bcmath - 7.3.11-0ubuntu0.19.10.2
    php7.3-cgi - 7.3.11-0ubuntu0.19.10.2
    php7.3-cli - 7.3.11-0ubuntu0.19.10.2
    php7.3-fpm - 7.3.11-0ubuntu0.19.10.2
    php7.3-mbstring - 7.3.11-0ubuntu0.19.10.2
    php7.3-xmlrpc - 7.3.11-0ubuntu0.19.10.2

    Ubuntu 19.04
    libapache2-mod-php7.2 - 7.2.24-0ubuntu0.19.04.2
    php7.2-bcmath - 7.2.24-0ubuntu0.19.04.2
    php7.2-cgi - 7.2.24-0ubuntu0.19.04.2
    php7.2-cli - 7.2.24-0ubuntu0.19.04.2
    php7.2-fpm - 7.2.24-0ubuntu0.19.04.2
    php7.2-mbstring - 7.2.24-0ubuntu0.19.04.2
    php7.2-xmlrpc - 7.2.24-0ubuntu0.19.04.2

    Ubuntu 18.04 LTS
    libapache2-mod-php7.2 - 7.2.24-0ubuntu0.18.04.2
    php7.2-bcmath - 7.2.24-0ubuntu0.18.04.2
    php7.2-cgi - 7.2.24-0ubuntu0.18.04.2
    php7.2-cli - 7.2.24-0ubuntu0.18.04.2
    php7.2-fpm - 7.2.24-0ubuntu0.18.04.2
    php7.2-mbstring - 7.2.24-0ubuntu0.18.04.2
    php7.2-xmlrpc - 7.2.24-0ubuntu0.18.04.2

    Ubuntu 16.04 LTS
    libapache2-mod-php7.0 - 7.0.33-0ubuntu0.16.04.9
    php7.0-bcmath - 7.0.33-0ubuntu0.16.04.9
    php7.0-cgi - 7.0.33-0ubuntu0.16.04.9
    php7.0-cli - 7.0.33-0ubuntu0.16.04.9
    php7.0-fpm - 7.0.33-0ubuntu0.16.04.9
    php7.0-mbstring - 7.0.33-0ubuntu0.16.04.9
    php7.0-xmlrpc - 7.0.33-0ubuntu0.16.04.9

    Ubuntu 14.04 ESM
    libapache2-mod-php5 - 5.5.9+dfsg-1ubuntu4.29+esm8
    php5-cgi - 5.5.9+dfsg-1ubuntu4.29+esm8
    php5-cli - 5.5.9+dfsg-1ubuntu4.29+esm8
    php5-fpm - 5.5.9+dfsg-1ubuntu4.29+esm8
    php5-xmlrpc - 5.5.9+dfsg-1ubuntu4.29+esm8

    Ubuntu 12.04 ESM
    libapache2-mod-php5 - 5.3.10-1ubuntu3.42
    php5-cgi - 5.3.10-1ubuntu3.42
    php5-cli - 5.3.10-1ubuntu3.42
    php5-fpm - 5.3.10-1ubuntu3.42
    php5-xmlrpc - 5.3.10-1ubuntu3.42

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary
    changes.

    References

    * CVE-2019-11045
    * CVE-2019-11046
    * CVE-2019-11047
    * CVE-2019-11050

    --- Mystic BBS v1.12 A43 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)
  • From bugz_ubuntu@21:4/110 to Ubuntu Users on Mon Feb 17 21:10:05 2020
    php5, php7.0, php7.2, php7.3 vulnerabilities

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 19.10
    * Ubuntu 18.04 LTS
    * Ubuntu 16.04 LTS
    * Ubuntu 14.04 ESM
    * Ubuntu 12.04 ESM

    Summary

    Several security issues were fixed in PHP.

    Software Description

    * php7.3 - server-side, HTML-embedded scripting language
    (metapackage)
    * php7.2 - HTML-embedded scripting language interpreter
    * php7.0 - HTML-embedded scripting language interpreter
    * php5 - HTML-embedded scripting language interpreter

    Details

    It was discovered that PHP incorrectly handled certain scripts. An
    attacker could possibly use this issue to cause a denial of
    service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04
    ESM and Ubuntu 16.04 LTS. (CVE-2015-9253)

    It was discovered that PHP incorrectly handled certain inputs. An
    attacker could possibly use this issue to expose sensitive
    information. (CVE-2020-7059)

    It was discovered that PHP incorrectly handled certain inputs. An
    attacker could possibly use this issue to execute arbitrary code.
    This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 LTS,
    Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2020-7060)

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 19.10
    libapache2-mod-php7.3 - 7.3.11-0ubuntu0.19.10.3
    php7.3-cgi - 7.3.11-0ubuntu0.19.10.3
    php7.3-cli - 7.3.11-0ubuntu0.19.10.3
    php7.3-fpm - 7.3.11-0ubuntu0.19.10.3

    Ubuntu 18.04 LTS
    libapache2-mod-php7.2 - 7.2.24-0ubuntu0.18.04.3
    php7.2-cgi - 7.2.24-0ubuntu0.18.04.3
    php7.2-cli - 7.2.24-0ubuntu0.18.04.3
    php7.2-fpm - 7.2.24-0ubuntu0.18.04.3

    Ubuntu 16.04 LTS
    libapache2-mod-php7.0 - 7.0.33-0ubuntu0.16.04.11
    php7.0-cgi - 7.0.33-0ubuntu0.16.04.11
    php7.0-cli - 7.0.33-0ubuntu0.16.04.11
    php7.0-fpm - 7.0.33-0ubuntu0.16.04.11

    Ubuntu 14.04 ESM
    libapache2-mod-php5 - 5.5.9+dfsg-1ubuntu4.29+esm10
    php5-cgi - 5.5.9+dfsg-1ubuntu4.29+esm10
    php5-cli - 5.5.9+dfsg-1ubuntu4.29+esm10
    php5-fpm - 5.5.9+dfsg-1ubuntu4.29+esm10

    Ubuntu 12.04 ESM
    libapache2-mod-php5 - 5.3.10-1ubuntu3.44
    php5-cgi - 5.3.10-1ubuntu3.44
    php5-cli - 5.3.10-1ubuntu3.44
    php5-fpm - 5.3.10-1ubuntu3.44

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary
    changes.

    References

    * CVE-2015-9253
    * CVE-2020-7059
    * CVE-2020-7060

    --- Mystic BBS v1.12 A44 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)
  • From bugz_ubuntu@21:4/110 to Ubuntu Users on Wed Apr 15 16:10:07 2020
    php5, php7.0, php7.2, php7.3 vulnerabilities

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 19.10
    * Ubuntu 18.04 LTS
    * Ubuntu 16.04 LTS
    * Ubuntu 14.04 ESM
    * Ubuntu 12.04 ESM

    Summary

    Several security issues were fixed in PHP.

    Software Description

    * php7.3 - server-side, HTML-embedded scripting language
    (metapackage)
    * php7.2 - HTML-embedded scripting language interpreter
    * php7.0 - HTML-embedded scripting language interpreter
    * php5 - HTML-embedded scripting language interpreter

    Details

    It was discovered that PHP incorrectly handled certain file
    uploads. An attacker could possibly use this issue to cause a
    crash. (CVE-2020-7062)

    It was discovered that PHP incorrectly handled certain PHAR
    archive files. An attacker could possibly use this issue to access
    sensitive information. (CVE-2020-7063)

    It was discovered that PHP incorrectly handled certain EXIF files.
    An attacker could possibly use this issue to access sensitive
    information or cause a crash. (CVE-2020-7064)

    It was discovered that PHP incorrectly handled certain UTF
    strings. An attacker could possibly use this issue to cause a
    crash or execute arbitrary code. This issue only affected Ubuntu
    19.10. (CVE-2020-7065)

    It was discovered that PHP incorrectly handled certain URLs. An
    attacker could possibly use this issue to expose sensitive
    information. This issue only affected Ubuntu 16.04 LTS, Ubuntu
    18.04 LTS and Ubuntu 19.10. (CVE-2020-7066)

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 19.10
    libapache2-mod-php7.3 - 7.3.11-0ubuntu0.19.10.4
    php7.3-cgi - 7.3.11-0ubuntu0.19.10.4
    php7.3-cli - 7.3.11-0ubuntu0.19.10.4
    php7.3-fpm - 7.3.11-0ubuntu0.19.10.4
    php7.3-mbstring - 7.3.11-0ubuntu0.19.10.4

    Ubuntu 18.04 LTS
    libapache2-mod-php7.2 - 7.2.24-0ubuntu0.18.04.4
    php7.2 - 7.2.24-0ubuntu0.18.04.4
    php7.2-cgi - 7.2.24-0ubuntu0.18.04.4
    php7.2-cli - 7.2.24-0ubuntu0.18.04.4
    php7.2-fpm - 7.2.24-0ubuntu0.18.04.4

    Ubuntu 16.04 LTS
    libapache2-mod-php7.0 - 7.0.33-0ubuntu0.16.04.14
    php7.0-cgi - 7.0.33-0ubuntu0.16.04.14
    php7.0-cli - 7.0.33-0ubuntu0.16.04.14
    php7.0-fpm - 7.0.33-0ubuntu0.16.04.14

    Ubuntu 14.04 ESM
    libapache2-mod-php5 - 5.5.9+dfsg-1ubuntu4.29+esm11
    php5-cgi - 5.5.9+dfsg-1ubuntu4.29+esm11
    php5-cli - 5.5.9+dfsg-1ubuntu4.29+esm11
    php5-fpm - 5.5.9+dfsg-1ubuntu4.29+esm11

    Ubuntu 12.04 ESM
    libapache2-mod-php5 - 5.3.10-1ubuntu3.45
    php5-cgi - 5.3.10-1ubuntu3.45
    php5-cli - 5.3.10-1ubuntu3.45
    php5-fpm - 5.3.10-1ubuntu3.45

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary
    changes.

    References

    * CVE-2020-7062
    * CVE-2020-7063
    * CVE-2020-7064
    * CVE-2020-7065
    * CVE-2020-7066

    --- Mystic BBS v1.12 A45 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)
  • From bugz_ubuntu@21:4/110 to Ubuntu Users on Wed May 6 16:10:08 2020
    php7.4 vulnerabilities

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 20.04 LTS

    Summary

    Several security issues were fixed in PHP.

    Software Description

    * php7.4 - server-side, HTML-embedded scripting language
    (metapackage)

    Details

    USN-4330-1 fixed vulnerabilities in PHP. This update provides the
    corresponding update for Ubuntu 20.04 LTS.

    Original advisory details:

    It was discovered that PHP incorrectly handled certain EXIF files.
    An attacker could possibly use this issue to access sensitive
    information or cause a crash. (CVE-2020-7064)

    It was discovered that PHP incorrectly handled certain UTF
    strings. An attacker could possibly use this issue to cause a
    crash or execute arbitrary code. (CVE-2020-7065)

    It was discovered that PHP incorrectly handled certain URLs. An
    attacker could possibly use this issue to expose sensitive
    information. (CVE-2020-7066)

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 20.04 LTS
    libapache2-mod-php7.4 - 7.4.3-4ubuntu1.1
    php7.4-cgi - 7.4.3-4ubuntu1.1
    php7.4-cli - 7.4.3-4ubuntu1.1
    php7.4-fpm - 7.4.3-4ubuntu1.1
    php7.4-mbstring - 7.4.3-4ubuntu1.1

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary
    changes.

    References

    * USN-4330-1
    * CVE-2020-7064
    * CVE-2020-7065
    * CVE-2020-7066

    --- Mystic BBS v1.12 A45 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)
  • From boo_ubuntu@21:4/110 to Ubuntu Users on Wed Oct 14 20:10:07 2020
    php5, php7.0, php7.2, php7.4 vulnerabilities

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 20.04 LTS
    * Ubuntu 18.04 LTS
    * Ubuntu 16.04 LTS
    * Ubuntu 14.04 ESM
    * Ubuntu 12.04 ESM

    Summary

    Several security issues were fixed in PHP.

    Software Description

    * php7.4 - server-side, HTML-embedded scripting language
    (metapackage)
    * php7.2 - HTML-embedded scripting language interpreter
    * php7.0 - HTML-embedded scripting language interpreter
    * php5 - HTML-embedded scripting language interpreter

    Details

    It was discovered that PHP incorrectly handled certain encrypt
    ciphers. An attacker could possibly use this issue to decrease
    security or cause incorrect encryption data. This issue only
    affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-7069)

    It was discorevered that PHP incorrectly handled certain HTTP
    cookies. An attacker could possibly use this issue to forge cookie
    which is supposed to be secure. (CVE-2020-7070)

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 20.04 LTS
    libapache2-mod-php7.4 - 7.4.3-4ubuntu2.4
    php7.4-cgi - 7.4.3-4ubuntu2.4
    php7.4-cli - 7.4.3-4ubuntu2.4
    php7.4-curl - 7.4.3-4ubuntu2.4
    php7.4-fpm - 7.4.3-4ubuntu2.4

    Ubuntu 18.04 LTS
    libapache2-mod-php7.2 - 7.2.24-0ubuntu0.18.04.7
    php7.2-cgi - 7.2.24-0ubuntu0.18.04.7
    php7.2-cli - 7.2.24-0ubuntu0.18.04.7
    php7.2-curl - 7.2.24-0ubuntu0.18.04.7
    php7.2-fpm - 7.2.24-0ubuntu0.18.04.7

    Ubuntu 16.04 LTS
    libapache2-mod-php7.0 - 7.0.33-0ubuntu0.16.04.16
    php7.0-cgi - 7.0.33-0ubuntu0.16.04.16
    php7.0-cli - 7.0.33-0ubuntu0.16.04.16
    php7.0-curl - 7.0.33-0ubuntu0.16.04.16
    php7.0-fpm - 7.0.33-0ubuntu0.16.04.16

    Ubuntu 14.04 ESM
    libapache2-mod-php5 - 5.5.9+dfsg-1ubuntu4.29+esm13
    php5-cgi - 5.5.9+dfsg-1ubuntu4.29+esm13
    php5-cli - 5.5.9+dfsg-1ubuntu4.29+esm13
    php5-curl - 5.5.9+dfsg-1ubuntu4.29+esm13
    php5-fpm - 5.5.9+dfsg-1ubuntu4.29+esm13

    Ubuntu 12.04 ESM
    libapache2-mod-php5 - 5.3.10-1ubuntu3.48
    php5-cgi - 5.3.10-1ubuntu3.48
    php5-cli - 5.3.10-1ubuntu3.48
    php5-curl - 5.3.10-1ubuntu3.48
    php5-fpm - 5.3.10-1ubuntu3.48

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary
    changes.

    References

    * CVE-2020-7069
    * CVE-2020-7070

    --- Mystic BBS v1.12 A46 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)