CVE-2024-2756
Published: 16 April 2024
Due to an incomplete fix to CVE-2022-31629 (https://github.com/advisories/GHSA-c43m-486j-j32p), network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.
Notes
Author | Note |
---|---|
leosilva | version in noble is not affected see (LP: #2061147) |
Priority
Status
Package | Release | Status |
---|---|---|
php5 | focal | Does not exist |
php5 | jammy | Does not exist |
php5 | mantic | Does not exist |
php5 | noble | Does not exist |
php5 | trusty | Needs triage |
php5 | upstream | Needs triage |
php7.0 | focal | Does not exist |
php7.0 | jammy | Does not exist |
php7.0 | mantic | Does not exist |
php7.0 | noble | Does not exist |
php7.0 | upstream | Needs triage |
php7.0 | xenial | Released (7.0.33-0ubuntu0.16.04.16+esm9), available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
php7.2 | bionic | Released (7.2.24-0ubuntu0.18.04.17+esm3), available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
php7.2 | focal | Does not exist |
php7.2 | jammy | Does not exist |
php7.2 | mantic | Does not exist |
php7.2 | noble | Does not exist |
php7.2 | upstream | Needs triage |
php7.4 | focal | Released (7.4.3-4ubuntu2.22) |
php7.4 | jammy | Does not exist |
php7.4 | mantic | Does not exist |
php7.4 | noble | Does not exist |
php7.4 | upstream | Needs triage |
php8.1 | focal | Does not exist |
php8.1 | jammy | Released (8.1.2-1ubuntu2.17) |
php8.1 | mantic | Does not exist |
php8.1 | noble | Does not exist |
php8.1 | upstream | Released (8.1.28) |
php8.2 | bionic | Does not exist |
php8.2 | focal | Does not exist |
php8.2 | jammy | Does not exist |
php8.2 | mantic | Released (8.2.10-2ubuntu2.1) |
php8.2 | noble | Does not exist |
php8.2 | trusty | Does not exist |
php8.2 | upstream | Released (8.2.18) |
php8.2 | xenial | Does not exist |
php8.3 | bionic | Does not exist |
php8.3 | focal | Does not exist |
php8.3 | jammy | Does not exist |
php8.3 | mantic | Does not exist |
php8.3 | noble | Released (8.3.6-0maysync1) |
php8.3 | trusty | Does not exist |
php8.3 | upstream | Released (8.3.6) |
php8.3 | xenial | Does not exist |
Patches:
upstream: https://github.com/php/php-src/commit/093c08af25fb323efa0c8e6154aa9fdeae3d3b53