USN-6305-2: PHP vulnerabilities
27 February 2024
Several security issues were fixed in PHP.
Releases
Packages
- php7.0 - HTML-embedded scripting language interpreter
- php7.2 - HTML-embedded scripting language interpreter
- php7.4 - HTML-embedded scripting language interpreter
Details
USN-6305-1 fixed several vulnerabilities in PHP. This update provides
the corresponding update for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.
Original advisory details:
It was discovered that PHP incorrectly handled certain XML files.
An attacker could possibly use this issue to expose sensitive information.
(CVE-2023-3823)
It was discovered that PHP incorrectly handled certain PHAR files.
An attacker could possibly use this issue to cause a crash,
expose sensitive information or execute arbitrary code.
(CVE-2023-3824)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.04
-
libapache2-mod-php7.4
-
7.4.3-4ubuntu2.20
-
php7.4
-
7.4.3-4ubuntu2.20
-
php7.4-cgi
-
7.4.3-4ubuntu2.20
-
php7.4-cli
-
7.4.3-4ubuntu2.20
-
php7.4-fpm
-
7.4.3-4ubuntu2.20
-
php7.4-xml
-
7.4.3-4ubuntu2.20
Ubuntu 18.04
-
libapache2-mod-php7.2
-
7.2.24-0ubuntu0.18.04.17+esm2
Available with Ubuntu Pro
-
php7.2
-
7.2.24-0ubuntu0.18.04.17+esm2
Available with Ubuntu Pro
-
php7.2-cgi
-
7.2.24-0ubuntu0.18.04.17+esm2
Available with Ubuntu Pro
-
php7.2-cli
-
7.2.24-0ubuntu0.18.04.17+esm2
Available with Ubuntu Pro
-
php7.2-fpm
-
7.2.24-0ubuntu0.18.04.17+esm2
Available with Ubuntu Pro
-
php7.2-xml
-
7.2.24-0ubuntu0.18.04.17+esm2
Available with Ubuntu Pro
Ubuntu 16.04
-
libapache2-mod-php7.0
-
7.0.33-0ubuntu0.16.04.16+esm8
Available with Ubuntu Pro
-
php7.0
-
7.0.33-0ubuntu0.16.04.16+esm8
Available with Ubuntu Pro
-
php7.0-cgi
-
7.0.33-0ubuntu0.16.04.16+esm8
Available with Ubuntu Pro
-
php7.0-cli
-
7.0.33-0ubuntu0.16.04.16+esm8
Available with Ubuntu Pro
-
php7.0-fpm
-
7.0.33-0ubuntu0.16.04.16+esm8
Available with Ubuntu Pro
-
php7.0-xml
-
7.0.33-0ubuntu0.16.04.16+esm8
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.