Ubuntu 6053-1: PHP vulnerability | LinuxSecurity.com
==========================================================================
Ubuntu Security Notice USN-6053-1
May 02, 2023

php7.0 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM

Summary:

PHP could be made to bypass password checking if a specially crafted input was
provided.

Software Description:
- php7.0: HTML-embedded scripting language interpreter

Details:

It was discovered that PHP incorrectly handled certain invalid Blowfish
password hashes. An invalid password hash could possibly allow applications to
accept any password as valid, contrary to expectations.
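
Added example, not part of the Ubuntu notice or of PHP: an offline audit that flags stored values which claim to be bcrypt ("Blowfish") hashes but are not strictly well-formed. The notice does not say which malformed hashes trigger the flaw, so the check rejects every deviation from the standard 60-character layout. The account names and hash strings are constructed placeholders.

```python
import re

# Strict bcrypt layout: $2<a|b|x|y>$<cost 04-31>$<22-char salt><31-char digest>,
# with salt and digest drawn only from the bcrypt alphabet "./A-Za-z0-9".
BCRYPT_RE = re.compile(r"\$2[abxy]\$(0[4-9]|[12][0-9]|3[01])\$[./A-Za-z0-9]{53}")


def classify(stored):
    """Return 'ok', 'malformed-bcrypt' or 'not-bcrypt' for one stored value."""
    if not stored.startswith("$2"):
        return "not-bcrypt"        # another scheme entirely: out of scope here
    if BCRYPT_RE.fullmatch(stored):
        return "ok"
    return "malformed-bcrypt"      # claims to be bcrypt but breaks the layout


def audit(rows):
    """rows: iterable of (account, stored_hash) pairs from a credential export.

    Returns (account, verdict) for every entry that is malformed bcrypt.
    Values are checked exactly as stored; stray whitespace counts as malformed.
    """
    return [(account, "malformed-bcrypt")
            for account, stored in rows
            if classify(stored) == "malformed-bcrypt"]


# Constructed sample data: placeholder strings with the right shape, not real hashes.
SALT = "abcdefghijklmnopqrstuv"                 # 22 characters
DIGEST = "ABCDEFGHIJKLMNOPQRSTUVWXYZ01234"      # 31 characters
SAMPLE_ROWS = [
    ("alice", "$2y$10$" + SALT + DIGEST),               # well-formed
    ("bob", "$2y$10$" + SALT),                          # truncated, digest missing
    ("carol", "$2y$10$" + "abc*" + SALT[4:] + DIGEST),  # character outside alphabet
    ("dave", "$2y$99$" + SALT + DIGEST),                # cost outside 04-31
    ("erin", "$argon2id$v=19$m=65536,t=4,p=1$c2FsdA$ZGlnZXN0"),  # not bcrypt
]

if __name__ == "__main__":
    for account, verdict in audit(SAMPLE_ROWS):
        print(f"{account}: {verdict}")
```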

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
   libapache2-mod-php7.0           7.0.33-0ubuntu0.16.04.16+esm6
   php7.0                          7.0.33-0ubuntu0.16.04.16+esm6
   php7.0-cgi                      7.0.33-0ubuntu0.16.04.16+esm6
   php7.0-cli                      7.0.33-0ubuntu0.16.04.16+esm6
   php7.0-fpm                      7.0.33-0ubuntu0.16.04.16+esm6

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-6053-1
   CVE-2023-0567
