==========================================================================
Ubuntu Security Notice USN-4583-1
October 14, 2020
php5, php7.0, php7.2, php7.4 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 20.04 LTS
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
– Ubuntu 14.04 ESM
– Ubuntu 12.04 ESM
Summary:
Several security issues were fixed in PHP.
Software Description:
– php7.4: server-side, HTML-embedded scripting language (metapackage)
– php7.2: HTML-embedded scripting language interpreter
– php7.0: HTML-embedded scripting language interpreter
– php5: HTML-embedded scripting language interpreter
Details:
It was discovered that PHP incorrectly handled certain encrypt ciphers.
An attacker could possibly use this issue to decrease security or cause
incorrect encryption data. This issue only affected Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2020-7069)
It was discorevered that PHP incorrectly handled certain HTTP cookies.
An attacker could possibly use this issue to forge cookie which is supposed to
be secure. (CVE-2020-7070)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
libapache2-mod-php7.4 7.4.3-4ubuntu2.4
php7.4-cgi 7.4.3-4ubuntu2.4
php7.4-cli 7.4.3-4ubuntu2.4
php7.4-curl 7.4.3-4ubuntu2.4
php7.4-fpm 7.4.3-4ubuntu2.4
Ubuntu 18.04 LTS:
libapache2-mod-php7.2 7.2.24-0ubuntu0.18.04.7
php7.2-cgi 7.2.24-0ubuntu0.18.04.7
php7.2-cli 7.2.24-0ubuntu0.18.04.7
php7.2-curl 7.2.24-0ubuntu0.18.04.7
php7.2-fpm 7.2.24-0ubuntu0.18.04.7
Ubuntu 16.04 LTS:
libapache2-mod-php7.0 7.0.33-0ubuntu0.16.04.16
php7.0-cgi 7.0.33-0ubuntu0.16.04.16
php7.0-cli 7.0.33-0ubuntu0.16.04.16
php7.0-curl 7.0.33-0ubuntu0.16.04.16
php7.0-fpm 7.0.33-0ubuntu0.16.04.16
Ubuntu 14.04 ESM:
libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.29+esm13
php5-cgi 5.5.9+dfsg-1ubuntu4.29+esm13
php5-cli 5.5.9+dfsg-1ubuntu4.29+esm13
php5-curl 5.5.9+dfsg-1ubuntu4.29+esm13
php5-fpm 5.5.9+dfsg-1ubuntu4.29+esm13
Ubuntu 12.04 ESM:
libapache2-mod-php5 5.3.10-1ubuntu3.48
php5-cgi 5.3.10-1ubuntu3.48
php5-cli 5.3.10-1ubuntu3.48
php5-curl 5.3.10-1ubuntu3.48
php5-fpm 5.3.10-1ubuntu3.48
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4583-1
CVE-2020-7069, CVE-2020-7070
Package Information:
https://launchpad.net/ubuntu/+source/php7.4/7.4.3-4ubuntu2.4
https://launchpad.net/ubuntu/+source/php7.2/7.2.24-0ubuntu0.18.04.7
https://launchpad.net/ubuntu/+source/php7.0/7.0.33-0ubuntu0.16.04.16
—–BEGIN PGP SIGNATURE—–
iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAl+HVLMACgkQRbznW4QL
H2laoxAAo+AYde7iVILVT9+bN4ll541pD19sZmPfvCSkHGYx5jIOGejDh+5qc80D
mnG0bk9Tw/X3oYV+28jDpC7T8NkJwatF/FglZsix8ZONeJzDCPs3s1yJrNYayZiR
3oHhyFo6Po0GtGUnY6+mMSj1aGmXZiOHSqK4TGQdeqn7qoCq8ZufcOSzIZhIE0OK
5ecT9m02SchLrSgg1VvzAyx1MpiOdASOrfzPMd4uGW2PW6owl3tUAcMo18cAPlJm
G9X78BhCgT/l9iq/wbrsCCod6UW4YPIXMIM2Sg7wcFleokzsg632G4qP67d7uNnh
z80++8h18DngLDS/tce0swJQWAyyktqtfC33TC6UAaKtwmCGqqrLJ5bO/f8snMLU
32k/W5slXDw1ETMdrTXXvhbsV43ApatMfoJVkEckWu+Cr9NKxl6WB/yoa9m5aM1l
hGnO2kbnbp5D2Aup2bcyrJ94iMTh7jhUYYBwELkx5eQ6YaN5JaaMOJE7xJ8poVv9
u7/2d8AagX2wSCVM7ZcD7yRqjfwtIDTiNvpCiuf/T3BhFxlIHfYJt4872pyz0B3x
ogqJLuGfAN679sB7uxAsXaMAIfXS7KnqgUYlI/B5fGY2jTVp4kjFDGQEYyEWGR4d
LyZh23YgOP+QzeFvzo1nGiGaVn/+SXsq33/zb/dEwPAmtJH9hho=
=Cn5/
—–END PGP SIGNATURE—–
—