==========================================================================
Ubuntu Security Notice USN-3922-1
March 26, 2019
php7.0, php7.2 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 18.10
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in PHP.
Software Description:
– php7.2: HTML-embedded scripting language interpreter
– php7.0: HTML-embedded scripting language interpreter
Details:
It was discovered that PHP incorrectly handled certain inputs. An
attacker could possibly use this issue to expose sensitive information.
(CVE-2019-9637, CVE-2019-9638, CVE-2019-9639, CVE-2019-9640, CVE-2019-
9641)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.10:
libapache2-mod-php7.2 7.2.15-0ubuntu0.18.10.2
php7.2-cgi 7.2.15-0ubuntu0.18.10.2
php7.2-cli 7.2.15-0ubuntu0.18.10.2
php7.2-fpm 7.2.15-0ubuntu0.18.10.2
Ubuntu 18.04 LTS:
libapache2-mod-php7.2 7.2.15-0ubuntu0.18.04.2
php7.2-cgi 7.2.15-0ubuntu0.18.04.2
php7.2-cli 7.2.15-0ubuntu0.18.04.2
php7.2-fpm 7.2.15-0ubuntu0.18.04.2
Ubuntu 16.04 LTS:
libapache2-mod-php7.0 7.0.33-0ubuntu0.16.04.3
php7.0-cgi 7.0.33-0ubuntu0.16.04.3
php7.0-cli 7.0.33-0ubuntu0.16.04.3
php7.0-fpm 7.0.33-0ubuntu0.16.04.3
In general, a standard system update will make all the necessary
changes.
References:
https://usn.ubuntu.com/usn/usn-3922-1
CVE-2019-9637, CVE-2019-9638, CVE-2019-9639, CVE-2019-9640,
CVE-2019-9641
Package Information:
https://launchpad.net/ubuntu/+source/php7.2/7.2.15-0ubuntu0.18.10.2
https://launchpad.net/ubuntu/+source/php7.2/7.2.15-0ubuntu0.18.04.2
https://launchpad.net/ubuntu/+source/php7.0/7.0.33-0ubuntu0.16.04.3—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2
iQIcBAABCAAGBQJcmmeSAAoJEEW851uECx9pNxgP/0aEHCUJAEYIXIPjiJO6RbaE
+hZIBtttv0UP4fXc2gHZFDzE2bLYprRVm4X/mzNdNRJi7fhF6fySjIQtNVovqlEX
X90crIwLPhibjUw2fIMQmtXPBIuPa8Qad4GITgcg5WWk/zAfPoyS58oM+XuVo2KC
bkd9DMM0sa9HcaOOrZ05KonexQdyPLLz57LBoecm+tie53R9lptl/HkZyHIf+Bk1
aX7iewATTFIj+EHsLZ3hfk3Rvh0cY4pxbUkZDSvt2p2WHmCNyhGwHTszmgJG8N/h
dvYdChYWqdNDj2tRybEOBI4PfLx/+w8R6Ap7aCIuzY7ixQDbaW0/aI2wVx09HU/d
gAPqISLYPS0HhS8J5jTZkRiogM4qe8diODQ1CJSHoFDw16Ml1k07jI0VMDXDGtUp
IVXEWUiumAMHoxKw0VjLYoK8um5X4EcSkgpFo2eYFk0UgHB4XiHXcSyQFo1Ou2cB
M4+snjcmoWXngT8n0flWrGEc60216C3w8/8Q9MYIE4kWoQvUB5GEf124KaaX/GuH
aMzh8xuhQVr9yjEhTfORH1tHOFr4WTymwWOsbQgTfKMbs9MdUs5onviIVvm6Wnc8
AHiURWZmruc/QRK0SvuXJD/sP298PdTbTDfLZOEwnVPWrIqp0WA+gmqmg7VOVtnM
YLHNIuixRY2+icznkQCP
=n3pp
—–END PGP SIGNATURE—–
—