USN-6670-1: php-guzzlehttp-psr7 vulnerabilities
29 February 2024
Several header injection issues were fixed in php-guzzlehttp-psr7.
Releases
Packages
- php-guzzlehttp-psr7 - PSR-7 HTTP message library
Details
It was discovered that php-guzzlehttp-psr7 incorrectly parsed HTTP
headers. A remote attacker could possibly use these issues to perform
an HTTP header injection attack.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04
-
php-guzzlehttp-psr7
-
1.8.3-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 20.04
In general, a standard system update will make all the necessary changes.