Several security issues were fixed in PHP.
Software Description:
- php5: HTML-embedded scripting language interpreter
Details:
USN-7049-1 fixed vulnerabilities in PHP. This update
provides the corresponding updates for Ubuntu 14.04 LTS.
Original advisory details:
It was discovered that PHP incorrectly handled parsing multipart form
data.A remote attacker could possibly use this issue to inject payloads
and cause PHP to ignore legitimate data. (CVE-2024-8925)
It was discovered that PHP incorrectly handled the cgi.force_redirect
configuration option due to environment variable collisions. In certain
configurations, an attacker could possibly use this issue bypass
force_redirect restrictions. (CVE-2024-8927)
The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.29+esm16 Available with Ubuntu Pro php5 5.5.9+dfsg-1ubuntu4.29+esm16 Available with Ubuntu Pro php5-cgi 5.5.9+dfsg-1ubuntu4.29+esm16 Available with Ubuntu Pro php5-cli 5.5.9+dfsg-1ubuntu4.29+esm16 Available with Ubuntu Pro php5-fpm 5.5.9+dfsg-1ubuntu4.29+esm16 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-7049-3
https://ubuntu.com/security/notices/USN-7049-2
https://ubuntu.com/security/notices/USN-7049-1
CVE-2024-8925, CVE-2024-8927
Get the latest Linux and open source security news straight to your inbox.