Several security issues were fixed in PHP.
Software Description:
- php7.0: HTML-embedded scripting language interpreter
Details:
USN-7157-1 fixed vulnerabilities in PHP versions 7.4, 8.1, and 8.3.
This update provides the corresponding updates for PHP version 7.0.
Original advisory details:
It was discovered that PHP incorrectly handled certain inputs when
processed with convert.quoted-printable decode filters.
An attacker could possibly use this issue to expose sensitive
information or cause a crash. (CVE-2024-11233)
It was discovered that PHP incorrectly handled certain HTTP requests.
An attacker could possibly use this issue to performing arbitrary
HTTP requests originating from the server, thus potentially
gaining access to resources not normally available to the external
user. (CVE-2024-11234)
It was discovered that PHP incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a crash...
The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS libapache2-mod-php7.0 7.0.33-0ubuntu0.16.04.16+esm14 Available with Ubuntu Pro php7.0 7.0.33-0ubuntu0.16.04.16+esm14 Available with Ubuntu Pro php7.0-cgi 7.0.33-0ubuntu0.16.04.16+esm14 Available with Ubuntu Pro php7.0-cli 7.0.33-0ubuntu0.16.04.16+esm14 Available with Ubuntu Pro php7.0-ldap 7.0.33-0ubuntu0.16.04.16+esm14 Available with Ubuntu Pro php7.0-mysql 7.0.33-0ubuntu0.16.04.16+esm14 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-7157-3
https://ubuntu.com/security/notices/USN-7157-2
https://ubuntu.com/security/notices/USN-7157-1
CVE-2024-11233, CVE-2024-11234, CVE-2024-8929, CVE-2024-8932
Get the latest Linux and open source security news straight to your inbox.