========================================================================== Ubuntu Security Notice USN-5300-2 March 03, 2022 php7.2, php7.4 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in PHP. Software Description: - php7.4: HTML-embedded scripting language interpreter - php7.2: HTML-embedded scripting language interpreter Details: USN-5300-1 fixed vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: It was discovered that PHP incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service. (CVE-2015-9253, CVE-2017-8923, CVE-2017-9118, CVE-2017-9120) It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly obtain sensitive information. (CVE-2017-9119) It was discovered that PHP incorrectly handled certain scripts with XML parsing functions. An attacker could possibly use this issue to obtain sensitive information. (CVE-2021-21707) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: php7.4-cgi 7.4.3-4ubuntu2.10 php7.4-cli 7.4.3-4ubuntu2.10 php7.4-fpm 7.4.3-4ubuntu2.10 Ubuntu 18.04 LTS: php7.2-cgi 7.2.24-0ubuntu0.18.04.11 php7.2-cli 7.2.24-0ubuntu0.18.04.11 php7.2-fpm 7.2.24-0ubuntu0.18.04.11 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5300-2 https://ubuntu.com/security/notices/USN-5300-1 CVE-2017-8923, CVE-2017-9118, CVE-2017-9119, CVE-2017-9120, CVE-2021-21707 Package Information: https://launchpad.net/ubuntu/+source/php7.4/7.4.3-4ubuntu2.10 https://launchpad.net/ubuntu/+source/php7.2/7.2.24-0ubuntu0.18.04.11