Several security issues were fixed in PHP.
Software Description:
- php8.2: server-side, HTML-embedded scripting language (metapackage)
- php8.1: HTML-embedded scripting language interpreter
- php7.4: HTML-embedded scripting language interpreter
Details:
USN-6757-1 fixed vulnerabilities in PHP. Unfortunately these fixes were incomplete for
Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.10. This update fixes the problem.
Original advisory details:
It was discovered that PHP incorrectly handled PHP_CLI_SERVER_WORKERS variable.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code. This issue only affected Ubuntu 20.04 LTS, and
Ubuntu 22.04 LTS. (CVE-2022-4900)
It was discovered that PHP incorrectly handled certain cookies.
An attacker could possibly use this issue to cookie by pass.
(CVE-2024-2756)
It was discovered that PHP incorrectly handled some passwords.
An attacker could possibly use this issue to cause an account takeover
atta...
The problem can be corrected by updating your system to the following package versions: Ubuntu 23.10 libapache2-mod-php8.2 8.2.10-2ubuntu2.1 php8.2 8.2.10-2ubuntu2.1 php8.2-cgi 8.2.10-2ubuntu2.1 php8.2-cli 8.2.10-2ubuntu2.1 php8.2-fpm 8.2.10-2ubuntu2.1 php8.2-xml 8.2.10-2ubuntu2.1 Ubuntu 22.04 LTS libapache2-mod-php8.1 8.1.2-1ubuntu2.17 php8.1 8.1.2-1ubuntu2.17 php8.1-cgi 8.1.2-1ubuntu2.17 php8.1-cli 8.1.2-1ubuntu2.17 php8.1-fpm 8.1.2-1ubuntu2.17 php8.1-xml 8.1.2-1ubuntu2.17 Ubuntu 20.04 LTS libapache2-mod-php7.4 7.4.3-4ubuntu2.22 php7.4 7.4.3-4ubuntu2.22 php7.4-cgi 7.4.3-4ubuntu2.22 php7.4-cli 7.4.3-4ubuntu2.22 php7.4-fpm 7.4.3-4ubuntu2.22 php7.4-xml 7.4.3-4ubuntu2.22 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-6757-2
https://ubuntu.com/security/notices/USN-6757-1
CVE-2022-4900, CVE-2024-2756, CVE-2024-3096
Get the latest Linux and open source security news straight to your inbox.