Explore top 10 tips to secure your open-source projects now. Read More
×
USN-5479-1 was incomplete and didn't properly fix one of the addressed
issues.
Software Description:
- php7.2: HTML-embedded scripting language interpreter
Details:
USN-5479-1 fixed vulnerabilities in PHP. Unfortunately that update for
CVE-2022-31625 was incomplete for Ubuntu 18.04 LTS. This update fixes
the problem.
We apologize for the inconvenience.
Original advisory details:
Charles Fol discovered that PHP incorrectly handled initializing certain
arrays when handling the pg_query_params function. A remote attacker could
use this issue to cause PHP to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2022-31625)
Charles Fol discovered that PHP incorrectly handled passwords in
mysqlnd. A
remote attacker could use this issue to cause PHP to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2022-31626)
The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: libapache2-mod-php7.2 7.2.24-0ubuntu0.18.04.13 php7.2-cgi 7.2.24-0ubuntu0.18.04.13 php7.2-cli 7.2.24-0ubuntu0.18.04.13 php7.2-fpm 7.2.24-0ubuntu0.18.04.13 php7.2-pgsql 7.2.24-0ubuntu0.18.04.13 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-5479-1
CVE-2022-31625
Get the latest Linux and open source security news straight to your inbox.