Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 538
Alerts This Week
Warning Icon 1 538

Ubuntu 16.04 ESM USN-5479-2 Critical: PHP Denial of Service

ubuntu
Calendar Grey July 4, 2022
Dist Ubuntu Esm H88
Enhance PHP security on Ubuntu 16.04 ESM by addressing DoS and RCE threats through package upgrades, updates checks, and configuration hardening.
Several security issues were fixed in PHP.

Summary

Several security issues were fixed in PHP.

Software Description:

- php7.0: HTML-embedded scripting language interpreter

Details:

USN-5479-1 fixed vulnerabilities in PHP. This update provides the

corresponding updates for Ubuntu 16.04 ESM.

Original advisory details:

Charles Fol discovered that PHP incorrectly handled initializing certain

arrays when handling the pg_query_params function. A remote attacker could

use this issue to cause PHP to crash, resulting in a denial of service, or

possibly execute arbitrary code. (CVE-2022-31625)

Charles Fol discovered that PHP incorrectly handled passwords in

mysqlnd. A

remote attacker could use this issue to cause PHP to crash, resulting in a

denial of service, or possibly execute arbitrary code. (CVE-2022-31626)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
   libapache2-mod-php7.0           7.0.33-0ubuntu0.16.04.16+esm4
   php7.0-cgi                      7.0.33-0ubuntu0.16.04.16+esm4
   php7.0-cli                      7.0.33-0ubuntu0.16.04.16+esm4
   php7.0-fpm                      7.0.33-0ubuntu0.16.04.16+esm4
   php7.0-mysql                    7.0.33-0ubuntu0.16.04.16+esm4
   php7.0-pgsql                    7.0.33-0ubuntu0.16.04.16+esm4

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5479-2

https://ubuntu.com/security/notices/USN-5479-1

CVE-2022-31625, CVE-2022-31626

Severity
critical
Lowest
Low
Medium
High
Critical

July 04, 2022

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.