USN-6305-2: PHP vulnerabilities
27 February 2024
Several security issues were fixed in PHP.
Releases
Packages
- php7.0 - HTML-embedded scripting language interpreter
- php7.2 - HTML-embedded scripting language interpreter
- php7.4 - HTML-embedded scripting language interpreter
Details
USN-6305-1 fixed several vulnerabilities in PHP. This update provides
the corresponding update for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.
Original advisory details:
It was discovered that PHP incorrectly handled certain XML files.
An attacker could possibly use this issue to expose sensitive information.
(CVE-2023-3823)
It was discovered that PHP incorrectly handled certain PHAR files.
An attacker could possibly use this issue to cause a crash,
expose sensitive information or execute arbitrary code.
(CVE-2023-3824)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.04
-
libapache2-mod-php7.4
-
7.4.3-4ubuntu2.20
-
php7.4
-
7.4.3-4ubuntu2.20
-
php7.4-cgi
-
7.4.3-4ubuntu2.20
-
php7.4-cli
-
7.4.3-4ubuntu2.20
-
php7.4-fpm
-
7.4.3-4ubuntu2.20
-
php7.4-xml
-
7.4.3-4ubuntu2.20
Ubuntu 18.04
-
libapache2-mod-php7.2
-
7.2.24-0ubuntu0.18.04.17+esm2
Available with Ubuntu Pro
-
php7.2
-
7.2.24-0ubuntu0.18.04.17+esm2
Available with Ubuntu Pro
-
php7.2-cgi
-
7.2.24-0ubuntu0.18.04.17+esm2
Available with Ubuntu Pro
-
php7.2-cli
-
7.2.24-0ubuntu0.18.04.17+esm2
Available with Ubuntu Pro
-
php7.2-fpm
-
7.2.24-0ubuntu0.18.04.17+esm2
Available with Ubuntu Pro
-
php7.2-xml
-
7.2.24-0ubuntu0.18.04.17+esm2
Available with Ubuntu Pro
Ubuntu 16.04
-
libapache2-mod-php7.0
-
7.0.33-0ubuntu0.16.04.16+esm8
Available with Ubuntu Pro
-
php7.0
-
7.0.33-0ubuntu0.16.04.16+esm8
Available with Ubuntu Pro
-
php7.0-cgi
-
7.0.33-0ubuntu0.16.04.16+esm8
Available with Ubuntu Pro
-
php7.0-cli
-
7.0.33-0ubuntu0.16.04.16+esm8
Available with Ubuntu Pro
-
php7.0-fpm
-
7.0.33-0ubuntu0.16.04.16+esm8
Available with Ubuntu Pro
-
php7.0-xml
-
7.0.33-0ubuntu0.16.04.16+esm8
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
Related notices
- USN-6305-1: php8.1-soap, php8.1-mbstring, php8.1-pspell, libapache2-mod-php8.0, php8.1-cli, php8.1-xsl, libapache2-mod-php7.4, php8.1-fpm, php8.1-gmp, php8.1-opcache, php8.1-pgsql, php8.1-sybase, php8.1-gd, php8.1-ldap, php8.1-common, php8.1-enchant, php8.1-sqlite3, php8.1-dba, php8.1-intl, php8.1-snmp, php8.1-mysql, php8.1-odbc, php8.1, php8.1-dev, php8.1-curl, php8.1-interbase, libapache2-mod-php8.1, php8.1-xml, php8.1-cgi, php8.1-phpdbg, php8.1-bcmath, php8.1-zip, php8.1-tidy, php8.1-imap, libphp8.1-embed, php8.1-bz2, php8.1-readline