what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Ubuntu Security Notice USN-6305-3

Ubuntu Security Notice USN-6305-3
Posted Jul 4, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6305-3 - USN-6305-2 fixed a vulnerability in PHP. The update caused a regression in Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. This update fix it. It was discovered that PHP incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information.

tags | advisory, php
systems | linux, ubuntu
advisories | CVE-2023-3823, CVE-2023-3824
SHA-256 | ad22d50a191a26737bb8ed7b11d3a481ebda4793801d086baee4dde89121e4b8
Download | Favorite | View

Ubuntu Security Notice USN-6305-3

Change Mirror Download
==========================================================================
Ubuntu Security Notice USN-6305-3
July 03, 2024

php7.0 and php7.2 regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

USN-6305-2 caused a regression in parsing XML.

Software Description:
- php7.2: HTML-embedded scripting language interpreter
- php7.0: HTML-embedded scripting language interpreter

Details:

USN-6305-2 fixed a vulnerability in PHP. The update caused a regression
in Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. This update fix it.

Original advisory details:

 It was discovered that PHP incorrectly handled certain XML files.
 An attacker could possibly use this issue to expose sensitive information.
 (CVE-2023-3823)

 It was discovered that PHP incorrectly handled certain PHAR files.
 An attacker could possibly use this issue to cause a crash,
 expose sensitive information or execute arbitrary code.
 (CVE-2023-3824)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
  php7.2                          7.2.24-0ubuntu0.18.04.17+esm4
                                  Available with Ubuntu Pro
  php7.2-cgi                      7.2.24-0ubuntu0.18.04.17+esm4
                                  Available with Ubuntu Pro
  php7.2-cli                      7.2.24-0ubuntu0.18.04.17+esm4
                                  Available with Ubuntu Pro
  php7.2-fpm                      7.2.24-0ubuntu0.18.04.17+esm4
                                  Available with Ubuntu Pro
  php7.2-xml                      7.2.24-0ubuntu0.18.04.17+esm4
                                  Available with Ubuntu Pro
  php7.2-xmlrpc                   7.2.24-0ubuntu0.18.04.17+esm4
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  php7.0                          7.0.33-0ubuntu0.16.04.16+esm10
                                  Available with Ubuntu Pro
  php7.0-cgi                      7.0.33-0ubuntu0.16.04.16+esm10
                                  Available with Ubuntu Pro
  php7.0-cli                      7.0.33-0ubuntu0.16.04.16+esm10
                                  Available with Ubuntu Pro
  php7.0-fpm                      7.0.33-0ubuntu0.16.04.16+esm10
                                  Available with Ubuntu Pro
  php7.0-xml                      7.0.33-0ubuntu0.16.04.16+esm10
                                  Available with Ubuntu Pro
  php7.0-xmlrpc                   7.0.33-0ubuntu0.16.04.16+esm10
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6305-3
  https://ubuntu.com/security/notices/USN-6305-1
  https://launchpad.net/bugs/2071768

Login or Register to add favorites

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close