Explore top 10 tips to secure your open-source projects now. Read More
×
Several security issues were fixed in PHP.
Software Description:
- php7.4: HTML-embedded scripting language interpreter
- php7.2: HTML-embedded scripting language interpreter
- php7.0: HTML-embedded scripting language interpreter
Details:
USN-6305-1 fixed several vulnerabilities in PHP. This update provides
the corresponding update for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.
Original advisory details:
It was discovered that PHP incorrectly handled certain XML files.
An attacker could possibly use this issue to expose sensitive information.
(CVE-2023-3823)
It was discovered that PHP incorrectly handled certain PHAR files.
An attacker could possibly use this issue to cause a crash,
expose sensitive information or execute arbitrary code.
(CVE-2023-3824)
The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: libapache2-mod-php7.4 7.4.3-4ubuntu2.20 php7.4 7.4.3-4ubuntu2.20 php7.4-cgi 7.4.3-4ubuntu2.20 php7.4-cli 7.4.3-4ubuntu2.20 php7.4-fpm 7.4.3-4ubuntu2.20 php7.4-xml 7.4.3-4ubuntu2.20 Ubuntu 18.04 LTS (Available with Ubuntu Pro): libapache2-mod-php7.2 7.2.24-0ubuntu0.18.04.17+esm2 php7.2 7.2.24-0ubuntu0.18.04.17+esm2 php7.2-cgi 7.2.24-0ubuntu0.18.04.17+esm2 php7.2-cli 7.2.24-0ubuntu0.18.04.17+esm2 php7.2-fpm 7.2.24-0ubuntu0.18.04.17+esm2 php7.2-xml 7.2.24-0ubuntu0.18.04.17+esm2 Ubuntu 16.04 LTS (Available with Ubuntu Pro): libapache2-mod-php7.0 7.0.33-0ubuntu0.16.04.16+esm8 php7.0 7.0.33-0ubuntu0.16.04.16+esm8 php7.0-cgi 7.0.33-0ubuntu0.16.04.16+esm8 php7.0-cli 7.0.33-0ubuntu0.16.04.16+esm8 php7.0-fpm 7.0.33-0ubuntu0.16.04.16+esm8 php7.0-xml 7.0.33-0ubuntu0.16.04.16+esm8 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-6305-2
https://ubuntu.com/security/notices/USN-6305-1
CVE-2023-3823, CVE-2023-3824
Get the latest Linux and open source security news straight to your inbox.