Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 730
Alerts This Week
Warning Icon 1 730

Ubuntu 20.04 LTS: USN-6305-2 Critical PHP Information Exposure

ubuntu
Calendar Grey February 27, 2024
Dist Ubuntu Esm H88
Ubuntu Security Notice USN-6305-2 has outlined critical PHP vulnerabilities impacting various versions; remedial updates now issued.
Several security issues were fixed in PHP.

Summary

Several security issues were fixed in PHP.

Software Description:

- php7.4: HTML-embedded scripting language interpreter

- php7.2: HTML-embedded scripting language interpreter

- php7.0: HTML-embedded scripting language interpreter

Details:

USN-6305-1 fixed several vulnerabilities in PHP. This update provides

the corresponding update for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.

Original advisory details:

It was discovered that PHP incorrectly handled certain XML files.

An attacker could possibly use this issue to expose sensitive information.

(CVE-2023-3823)

It was discovered that PHP incorrectly handled certain PHAR files.

An attacker could possibly use this issue to cause a crash,

expose sensitive information or execute arbitrary code.

(CVE-2023-3824)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
  libapache2-mod-php7.4           7.4.3-4ubuntu2.20
  php7.4                          7.4.3-4ubuntu2.20
  php7.4-cgi                      7.4.3-4ubuntu2.20
  php7.4-cli                      7.4.3-4ubuntu2.20
  php7.4-fpm                      7.4.3-4ubuntu2.20
  php7.4-xml                      7.4.3-4ubuntu2.20

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  libapache2-mod-php7.2           7.2.24-0ubuntu0.18.04.17+esm2
  php7.2                          7.2.24-0ubuntu0.18.04.17+esm2
  php7.2-cgi                      7.2.24-0ubuntu0.18.04.17+esm2
  php7.2-cli                      7.2.24-0ubuntu0.18.04.17+esm2
  php7.2-fpm                      7.2.24-0ubuntu0.18.04.17+esm2
  php7.2-xml                      7.2.24-0ubuntu0.18.04.17+esm2

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  libapache2-mod-php7.0           7.0.33-0ubuntu0.16.04.16+esm8
  php7.0                          7.0.33-0ubuntu0.16.04.16+esm8
  php7.0-cgi                      7.0.33-0ubuntu0.16.04.16+esm8
  php7.0-cli                      7.0.33-0ubuntu0.16.04.16+esm8
  php7.0-fpm                      7.0.33-0ubuntu0.16.04.16+esm8
  php7.0-xml                      7.0.33-0ubuntu0.16.04.16+esm8

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6305-2

https://ubuntu.com/security/notices/USN-6305-1

CVE-2023-3823, CVE-2023-3824

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6305-2

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.