Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 564
Alerts This Week
Warning Icon 1 564

Ubuntu 18.04, 16.04: USN-7049-2 critical: PHP remote access issue

ubuntu
Calendar Grey November 14, 2024
Scroller Ubuntu
The latest security bulletin from Ubuntu addresses severe remote access weaknesses and provides essential patches for safeguarding your systems.
Several security issues were fixed in PHP.

Summary

Several security issues were fixed in PHP.

Software Description:

- php7.2: HTML-embedded scripting language interpreter

- php7.0: HTML-embedded scripting language interpreter

Details:

USN-7049-1 fixed vulnerabilities in PHP. This update provides the

corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:

 It was discovered that PHP incorrectly handled parsing multipart form

 data. A remote attacker could possibly use this issue to inject payloads

 and cause PHP to ignore legitimate data. (CVE-2024-8925)

 It was discovered that PHP incorrectly handled the cgi.force_redirect

 configuration option due to environment variable collisions. In certain

 configurations, an attacker could possibly use this issue bypass

 force_redirect restrictions. (CVE-2024-8927)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
   libapache2-mod-php7.2           7.2.24-0ubuntu0.18.04.17+esm6
                                   Available with Ubuntu Pro
   php7.2-cgi                      7.2.24-0ubuntu0.18.04.17+esm6
                                   Available with Ubuntu Pro
   php7.2-cli                      7.2.24-0ubuntu0.18.04.17+esm6
                                   Available with Ubuntu Pro
   php7.2-fpm                      7.2.24-0ubuntu0.18.04.17+esm6
                                   Available with Ubuntu Pro

Ubuntu 16.04 LTS
   libapache2-mod-php7.0           7.0.33-0ubuntu0.16.04.16+esm12
                                   Available with Ubuntu Pro
   php7.0-cgi                      7.0.33-0ubuntu0.16.04.16+esm12
                                   Available with Ubuntu Pro
   php7.0-cli                      7.0.33-0ubuntu0.16.04.16+esm12
                                   Available with Ubuntu Pro
   php7.0-fpm                      7.0.33-0ubuntu0.16.04.16+esm12
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-7049-2

  https://ubuntu.com/security/notices/USN-7049-1

  CVE-2024-8925, CVE-2024-8927

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7049-2

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.