USN-4583-2: PHP vulnerabilities

27 October 2020

Several security issues were fixed in PHP.

Releases

Packages

  • php7.4 - server-side, HTML-embedded scripting language (metapackage)

Details

USN-4583-1 fixed vulnerabilities in PHP. This update provides
the corresponding update for Ubuntu 20.10.

Original advisory details:

It was discovered that PHP incorrectly handled certain encrypt ciphers.
An attacker could possibly use this issue to decrease security or cause
incorrect encryption data. (CVE-2020-7069)

It was discorevered that PHP incorrectly handled certain HTTP cookies.
An attacker could possibly use this issue to forge cookie which is supposed to
be secure. (CVE-2020-7070)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.10

In general, a standard system update will make all the necessary changes.

Related notices

  • USN-4583-1: php7.4-cli, php7.0-curl, php7.2-curl, php7.0-cli, php5-cgi, php7.4-fpm, libapache2-mod-php7.0, php5-cli, php7.4-curl, php7.2, libapache2-mod-php7.4, php5-fpm, php7.0-fpm, php5-curl, php7.2-cli, php7.0-cgi, php7.4-cgi, php7.0, libapache2-mod-php7.2, php7.2-cgi, php7.2-fpm, php7.4, libapache2-mod-php5, php5