Ubuntu 7049-1: PHP Security Advisory Updates
Summary
A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: Several security issues were fixed in PHP. Software Description: - php8.3: HTML-embedded scripting language interpreter - php8.1: HTML-embedded scripting language interpreter - php7.4: HTML-embedded scripting language interpreter Details: It was discovered that PHP incorrectly handled parsing multipart form data. A remote attacker could possibly use this issue to inject payloads and cause PHP to ignore legitimate data. (CVE-2024-8925) It was discovered that PHP incorrectly handled the cgi.force_redirect configuration option due to environment variable collisions. In certain configurations, an attacker could possibly use this issue bypass force_redirect restrictions. (CVE-2024-8927) It was discovered that PHP-FPM incorrectly handled logging. A remote attacker could possibly use this issue to alter and inject arbi...
Read the Full AdvisoryUpdate Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS libapache2-mod-php8.3 8.3.6-0ubuntu0.24.04.2 php8.3-cgi 8.3.6-0ubuntu0.24.04.2 php8.3-cli 8.3.6-0ubuntu0.24.04.2 php8.3-fpm 8.3.6-0ubuntu0.24.04.2 Ubuntu 22.04 LTS libapache2-mod-php8.1 8.1.2-1ubuntu2.19 php8.1-cgi 8.1.2-1ubuntu2.19 php8.1-cli 8.1.2-1ubuntu2.19 php8.1-fpm 8.1.2-1ubuntu2.19 Ubuntu 20.04 LTS libapache2-mod-php7.4 7.4.3-4ubuntu2.24 php7.4-cgi 7.4.3-4ubuntu2.24 php7.4-cli 7.4.3-4ubuntu2.24 php7.4-fpm 7.4.3-4ubuntu2.24 In general, a standard system update will make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-7049-1
CVE-2024-8925, CVE-2024-8927, CVE-2024-9026
Package Information
https://launchpad.net/ubuntu/+source/php8.3/8.3.6-0ubuntu0.24.04.2 https://launchpad.net/ubuntu/+source/php8.1/8.1.2-1ubuntu2.19 https://launchpad.net/ubuntu/+source/php7.4/7.4.3-4ubuntu2.24
