what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Ubuntu Security Notice USN-4330-1

Ubuntu Security Notice USN-4330-1
Posted Apr 15, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4330-1 - It was discovered that PHP incorrectly handled certain file uploads. An attacker could possibly use this issue to cause a crash. It was discovered that PHP incorrectly handled certain PHAR archive files. An attacker could possibly use this issue to access sensitive information. It was discovered that PHP incorrectly handled certain EXIF files. An attacker could possibly use this issue to access sensitive information or cause a crash. Various other issues were also addressed.

tags | advisory, php, file upload
systems | linux, ubuntu
advisories | CVE-2020-7062, CVE-2020-7063, CVE-2020-7064, CVE-2020-7065, CVE-2020-7066
SHA-256 | 103beb00d1081229c9f84f14247061058d88af29920494f71828b3a45201dd63

Ubuntu Security Notice USN-4330-1

Change Mirror Download
=========================================================================
Ubuntu Security Notice USN-4330-1
April 15, 2020

php5, php7.0, php7.2, php7.3 vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 ESM
- Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in PHP.

Software Description:
- php7.3: server-side, HTML-embedded scripting language (metapackage)
- php7.2: HTML-embedded scripting language interpreter
- php7.0: HTML-embedded scripting language interpreter
- php5: HTML-embedded scripting language interpreter

Details:

It was discovered that PHP incorrectly handled certain file uploads.
An attacker could possibly use this issue to cause a crash.
(CVE-2020-7062)

It was discovered that PHP incorrectly handled certain PHAR archive files.
An attacker could possibly use this issue to access sensitive information.
(CVE-2020-7063)

It was discovered that PHP incorrectly handled certain EXIF files.
An attacker could possibly use this issue to access sensitive information
or cause a crash. (CVE-2020-7064)

It was discovered that PHP incorrectly handled certain UTF strings.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code. This issue only affected Ubuntu 19.10. (CVE-2020-7065)

It was discovered that PHP incorrectly handled certain URLs.
An attacker could possibly use this issue to expose sensitive information.
This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 19.10.
(CVE-2020-7066)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.10:
libapache2-mod-php7.3 7.3.11-0ubuntu0.19.10.4
php7.3-cgi 7.3.11-0ubuntu0.19.10.4
php7.3-cli 7.3.11-0ubuntu0.19.10.4
php7.3-fpm 7.3.11-0ubuntu0.19.10.4
php7.3-mbstring 7.3.11-0ubuntu0.19.10.4

Ubuntu 18.04 LTS:
libapache2-mod-php7.2 7.2.24-0ubuntu0.18.04.4
php7.2 7.2.24-0ubuntu0.18.04.4
php7.2-cgi 7.2.24-0ubuntu0.18.04.4
php7.2-cli 7.2.24-0ubuntu0.18.04.4
php7.2-fpm 7.2.24-0ubuntu0.18.04.4

Ubuntu 16.04 LTS:
libapache2-mod-php7.0 7.0.33-0ubuntu0.16.04.14
php7.0-cgi 7.0.33-0ubuntu0.16.04.14
php7.0-cli 7.0.33-0ubuntu0.16.04.14
php7.0-fpm 7.0.33-0ubuntu0.16.04.14

Ubuntu 14.04 ESM:
libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.29+esm11
php5-cgi 5.5.9+dfsg-1ubuntu4.29+esm11
php5-cli 5.5.9+dfsg-1ubuntu4.29+esm11
php5-fpm 5.5.9+dfsg-1ubuntu4.29+esm11

Ubuntu 12.04 ESM:
libapache2-mod-php5 5.3.10-1ubuntu3.45
php5-cgi 5.3.10-1ubuntu3.45
php5-cli 5.3.10-1ubuntu3.45
php5-fpm 5.3.10-1ubuntu3.45

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4330-1
CVE-2020-7062, CVE-2020-7063, CVE-2020-7064, CVE-2020-7065,
CVE-2020-7066

Package Information:
https://launchpad.net/ubuntu/+source/php7.3/7.3.11-0ubuntu0.19.10.4
https://launchpad.net/ubuntu/+source/php7.2/7.2.24-0ubuntu0.18.04.4
https://launchpad.net/ubuntu/+source/php7.0/7.0.33-0ubuntu0.16.04.14
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    17 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close