Ubuntu 20.04 LTS USN-7157-2: Critical PHP Regression Fix
ubuntu
December 13, 2024
USN-7157-1 introduced a regression in PHP.
Summary
USN-7157-1 introduced a regression in PHP.
Software Description:
- php7.4: HTML-embedded scripting language interpreter
Details:
USN-7157-1 fixed vulnerabilities in PHP. The patch for
CVE-2024-8932 caused a regression in php7.4. This
update fixes the problem.
Original advisory details:
It was discovered that PHP incorrectly handled certain inputs when
processed with convert.quoted-printable decode filters.
An attacker could possibly use this issue to expose sensitive
information or cause a crash. (CVE-2024-11233)
It was discovered that PHP incorrectly handled certain HTTP requests.
An attacker could possibly use this issue to performing arbitrary
HTTP requests originating from the server, thus potentially
gaining access to resources not normally available to the external
user. (CVE-2024-11234)
It was discovered that PHP incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a crash or
execute arbitrary code. (CVE-2024-11236, CVE-20...
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS libapache2-mod-php7.4 7.4.3-4ubuntu2.28 php7.4 7.4.3-4ubuntu2.28 php7.4-cgi 7.4.3-4ubuntu2.28 php7.4-cli 7.4.3-4ubuntu2.28 php7.4-ldap 7.4.3-4ubuntu2.28 In general, a standard system update will make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-7157-2
https://ubuntu.com/security/notices/USN-7157-1
CVE-2024-8932
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Ubuntu Security Notice USN-7157-2
Package Information
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!