Ubuntu Security Notice 4583-2 - USN-4583-1 fixed vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 20.10. It was discovered that PHP incorrectly handled certain encryption ciphers. An attacker could possibly use this issue to decrease security or cause incorrect encryption data. Various other issues were also addressed.
=========================================================================
Ubuntu Security Notice USN-4583-2
October 27, 2020
php7.4 vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10
Summary:
Several security issues were fixed in PHP.
Software Description:
- php7.4: server-side, HTML-embedded scripting language (metapackage)
Details:
USN-4583-1 fixed vulnerabilities in PHP. This update provides
the corresponding update for Ubuntu 20.10.
Original advisory details:
It was discovered that PHP incorrectly handled certain encryption ciphers.
An attacker could possibly use this issue to decrease security or cause
incorrect encryption data. (CVE-2020-7069)
It was discovered that PHP incorrectly handled certain HTTP cookies.
An attacker could possibly use this issue to forge a cookie that is supposed
to be secure. (CVE-2020-7070)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.10:
libapache2-mod-php7.4 7.4.9-1ubuntu1.1
php7.4-cgi 7.4.9-1ubuntu1.1
php7.4-cli 7.4.9-1ubuntu1.1
php7.4-curl 7.4.9-1ubuntu1.1
php7.4-fpm 7.4.9-1ubuntu1.1
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4583-2
https://usn.ubuntu.com/4583-1
CVE-2020-7069, CVE-2020-7070
Package Information:
https://launchpad.net/ubuntu/+source/php7.4/7.4.9-1ubuntu1.1