Ubuntu 14.04 LTS USN-7049-3: Critical PHP Threats Mitigated

February 27, 2025

Summary

Several security issues were fixed in PHP.

Software Description:

- php5: HTML-embedded scripting language interpreter

Details:

USN-7049-1 fixed vulnerabilities in PHP. This update provides the
corresponding updates for Ubuntu 14.04 LTS.

Original advisory details:

 It was discovered that PHP incorrectly handled parsing multipart form
 data. A remote attacker could possibly use this issue to inject payloads
 and cause PHP to ignore legitimate data. (CVE-2024-8925)

 It was discovered that PHP incorrectly handled the cgi.force_redirect
 configuration option due to environment variable collisions. In certain
 configurations, an attacker could possibly use this issue to bypass
 force_redirect restrictions. (CVE-2024-8927)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS
   libapache2-mod-php5             5.5.9+dfsg-1ubuntu4.29+esm16
                                   Available with Ubuntu Pro
   php5                            5.5.9+dfsg-1ubuntu4.29+esm16
                                   Available with Ubuntu Pro
   php5-cgi                        5.5.9+dfsg-1ubuntu4.29+esm16
                                   Available with Ubuntu Pro
   php5-cli                        5.5.9+dfsg-1ubuntu4.29+esm16
                                   Available with Ubuntu Pro
   php5-fpm                        5.5.9+dfsg-1ubuntu4.29+esm16
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.
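
To confirm that a host actually reached the fixed versions listed above, the following added example (not part of the Ubuntu advisory) flags advisory packages still below the fixed version, given `dpkg-query -W` output. The version comparison is a reimplementation of dpkg's ordering rules written for this example; on a real host `dpkg --compare-versions` remains the authoritative check, and the sample input is constructed.

```python
import re

# Fixed version and package names come from the advisory's update table.
FIXED = "5.5.9+dfsg-1ubuntu4.29+esm16"
PACKAGES = {"libapache2-mod-php5", "php5", "php5-cgi", "php5-cli", "php5-fpm"}
# Constructed sample in `dpkg-query -W` format (package<TAB>version), not real host data.
SAMPLE = ("php5\t5.5.9+dfsg-1ubuntu4.29+esm15\n"
          "php5-cli\t5.5.9+dfsg-1ubuntu4.29+esm16\n"
          "php5-cgi:amd64\t5.5.9+dfsg-1ubuntu4.29\n")

def _order(c):
    # dpkg character order: '~' sorts before everything, letters before other characters
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Compare alternating non-digit and digit runs, the way dpkg does
    while a or b:
        na, nb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        a, b = a[len(na):], b[len(nb):]
        ka, kb = [_order(c) for c in na], [_order(c) for c in nb]
        width = max(len(ka), len(kb))
        ka += [0] * (width - len(ka))  # end of run ranks as 0, which is above '~'
        kb += [0] * (width - len(kb))
        if ka != kb:
            return -1 if ka < kb else 1
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        a, b = a[len(da):], b[len(db):]
        x, y = int(da or 0), int(db or 0)  # an empty digit run counts as 0
        if x != y:
            return (x > y) - (x < y)
    return 0

def deb_cmp(v1, v2):
    """Return -1, 0 or 1 using Debian ordering: epoch, then upstream, then revision."""
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
        return int(epoch), upstream, rev
    (e1, u1, r1), (e2, u2, r2) = split(v1), split(v2)
    return (e1 > e2) - (e1 < e2) or _cmp_part(u1, u2) or _cmp_part(r1, r2)

def unpatched(dpkg_lines):
    """Map advisory package -> installed version when it is older than FIXED."""
    rows = (l.split("\t", 1) for l in dpkg_lines.splitlines() if "\t" in l)
    pairs = ((n.split(":")[0], v.strip()) for n, v in rows)  # drop ":amd64" suffix
    return {n: v for n, v in pairs if n in PACKAGES and v and deb_cmp(v, FIXED) < 0}
```

An empty result from `unpatched()` means every installed advisory package is at or above the fixed version; packages with no installed version are skipped.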

References

  https://ubuntu.com/security/notices/USN-7049-3

  https://ubuntu.com/security/notices/USN-7049-2

  https://ubuntu.com/security/notices/USN-7049-1

  CVE-2024-8925, CVE-2024-8927

Severity
critical

Ubuntu Security Notice USN-7049-3
