Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Ubuntu 18.04 LTS: USN-5479-3 Critical PHP Update for DoS Issue

ubuntu
Calendar Grey July 7, 2022
Dist Ubuntu Esm H88
Notice regarding unresolved PHP remedy USN-5479-1 on Ubuntu 18.04 LTS pertaining to security vulnerabilities acknowledged.
USN-5479-1 was incomplete and didn't properly fix one of the addressed issues.

Summary

USN-5479-1 was incomplete and didn't properly fix one of the addressed

issues.

Software Description:

- php7.2: HTML-embedded scripting language interpreter

Details:

USN-5479-1 fixed vulnerabilities in PHP. Unfortunately that update for

CVE-2022-31625 was incomplete for Ubuntu 18.04 LTS. This update fixes

the problem.

We apologize for the inconvenience.

Original advisory details:

Charles Fol discovered that PHP incorrectly handled initializing certain

arrays when handling the pg_query_params function. A remote attacker could

use this issue to cause PHP to crash, resulting in a denial of service, or

possibly execute arbitrary code. (CVE-2022-31625)

Charles Fol discovered that PHP incorrectly handled passwords in

mysqlnd. A

remote attacker could use this issue to cause PHP to crash, resulting in a

denial of service, or possibly execute arbitrary code. (CVE-2022-31626)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
   libapache2-mod-php7.2           7.2.24-0ubuntu0.18.04.13
   php7.2-cgi                      7.2.24-0ubuntu0.18.04.13
   php7.2-cli                      7.2.24-0ubuntu0.18.04.13
   php7.2-fpm                      7.2.24-0ubuntu0.18.04.13
   php7.2-pgsql                    7.2.24-0ubuntu0.18.04.13

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5479-1

CVE-2022-31625

Severity
critical
Lowest
Low
Medium
High
Critical

July 07, 2022

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.