Alerts This Week
Warning Icon 1 1,529
Alerts This Week
Warning Icon 1 1,529

Ubuntu 20.04 LTS: USN-4330-2 Moderate: PHP Security Issues

ubuntu
Calendar Grey May 6, 2020
Dist Ubuntu Esm H88
Ubuntu 20.04 LTS rolls out essential security patches for PHP, targeting various vulnerabilities and their potential threats.
Several security issues were fixed in PHP.

Summary

Several security issues were fixed in PHP.

Software Description:

- php7.4: server-side, HTML-embedded scripting language (metapackage)

Details:

USN-4330-1 fixed vulnerabilities in PHP. This update provides the corresponding

update for Ubuntu 20.04 LTS.

Original advisory details:

It was discovered that PHP incorrectly handled certain EXIF files.

An attacker could possibly use this issue to access sensitive information

or cause a crash. (CVE-2020-7064)

It was discovered that PHP incorrectly handled certain UTF strings.

An attacker could possibly use this issue to cause a crash or execute

arbitrary code. (CVE-2020-7065)

It was discovered that PHP incorrectly handled certain URLs.

An attacker could possibly use this issue to expose sensitive information.

(CVE-2020-7066)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
  libapache2-mod-php7.4           7.4.3-4ubuntu1.1
  php7.4-cgi                      7.4.3-4ubuntu1.1
  php7.4-cli                      7.4.3-4ubuntu1.1
  php7.4-fpm                      7.4.3-4ubuntu1.1
  php7.4-mbstring                 7.4.3-4ubuntu1.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4330-2

https://ubuntu.com/security/notices/USN-4330-1

CVE-2020-7064, CVE-2020-7065, CVE-2020-7066

Severity
important
Lowest
Low
Medium
High
Critical

May 06, 2020

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here