Explore top 10 tips to secure your open-source projects now. Read More
×
PHP could be made to bypass password checking if a specially crafted input was
provided.
Software Description:
- php7.0: HTML-embedded scripting language interpreter
Details:
It was discovered that PHP incorrectly handled certain invalid Blowfish
password hashes. An invalid password hash could possibly allow applications to
accept any password as valid, contrary to expectations.
The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: libapache2-mod-php7.0 7.0.33-0ubuntu0.16.04.16+esm6 php7.0 7.0.33-0ubuntu0.16.04.16+esm6 php7.0-cgi 7.0.33-0ubuntu0.16.04.16+esm6 php7.0-cli 7.0.33-0ubuntu0.16.04.16+esm6 php7.0-fpm 7.0.33-0ubuntu0.16.04.16+esm6 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-6053-1
CVE-2023-0567
Get the latest Linux and open source security news straight to your inbox.