Packages
Details
USN-6757-1 fixed vulnerabilities in PHP. Unfortunately these fixes were incomplete for
Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.10. This update fixes the problem.
Original advisory details:
It was discovered that PHP incorrectly handled PHP_CLI_SERVER_WORKERS variable.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code. This issue only affected Ubuntu 20.04 LTS, and
Ubuntu 22.04 LTS. (CVE-2022-4900)
It was discovered that PHP incorrectly handled certain cookies.
An attacker could possibly use this issue to cookie by pass.
(CVE-2024-2756)
It was discovered that PHP incorrectly handled some passwords.
An attacker could possibly use this issue to cause an account takeover
attack. (CVE-2024-3096)
USN-6757-1 fixed vulnerabilities in PHP. Unfortunately these fixes were incomplete for
Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.10. This update fixes the problem.
Original advisory details:
It was discovered that PHP incorrectly handled PHP_CLI_SERVER_WORKERS variable.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code. This issue only affected Ubuntu 20.04 LTS, and
Ubuntu 22.04 LTS. (CVE-2022-4900)
It was discovered that PHP incorrectly handled certain cookies.
An attacker could possibly use this issue to cookie by pass.
(CVE-2024-2756)
It was discovered that PHP incorrectly handled some passwords.
An attacker could possibly use this issue to cause an account takeover
attack. (CVE-2024-3096)
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
Ubuntu Release | Package Version | ||
---|---|---|---|
23.10 mantic | libapache2-mod-php8.2 – 8.2.10-2ubuntu2.1 | ||
php8.2 – 8.2.10-2ubuntu2.1 | |||
php8.2-cgi – 8.2.10-2ubuntu2.1 | |||
php8.2-cli – 8.2.10-2ubuntu2.1 | |||
php8.2-fpm – 8.2.10-2ubuntu2.1 | |||
php8.2-xml – 8.2.10-2ubuntu2.1 | |||
22.04 jammy | libapache2-mod-php8.1 – 8.1.2-1ubuntu2.17 | ||
php8.1 – 8.1.2-1ubuntu2.17 | |||
php8.1-cgi – 8.1.2-1ubuntu2.17 | |||
php8.1-cli – 8.1.2-1ubuntu2.17 | |||
php8.1-fpm – 8.1.2-1ubuntu2.17 | |||
php8.1-xml – 8.1.2-1ubuntu2.17 | |||
20.04 focal | libapache2-mod-php7.4 – 7.4.3-4ubuntu2.22 | ||
php7.4 – 7.4.3-4ubuntu2.22 | |||
php7.4-cgi – 7.4.3-4ubuntu2.22 | |||
php7.4-cli – 7.4.3-4ubuntu2.22 | |||
php7.4-fpm – 7.4.3-4ubuntu2.22 | |||
php7.4-xml – 7.4.3-4ubuntu2.22 |
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.