USN-4583-1: PHP vulnerabilities

14 October 2020

Several security issues were fixed in PHP.

Releases

Packages

  • php5 - HTML-embedded scripting language interpreter
  • php7.0 - HTML-embedded scripting language interpreter
  • php7.2 - HTML-embedded scripting language interpreter
  • php7.4 - server-side, HTML-embedded scripting language (metapackage)

Details

It was discovered that PHP incorrectly handled certain encrypt ciphers.
An attacker could possibly use this issue to decrease security or cause
incorrect encryption data. This issue only affected Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2020-7069)

It was discorevered that PHP incorrectly handled certain HTTP cookies.
An attacker could possibly use this issue to forge cookie which is supposed to
be secure. (CVE-2020-7070)

Related notices

  • USN-4583-2: php7.4-curl, php7.4, php7.4-cli, php7.4-cgi, php7.4-fpm, libapache2-mod-php7.4