========================================================================== Ubuntu Security Notice USN-5905-1 March 02, 2023 php7.0 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 ESM Summary: Several security issues were fixed in PHP. Software Description: - php7.0: HTML-embedded scripting language interpreter Details: It was discovered that PHP incorrectly handled certain gzip files. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-31628) It was discovered that PHP incorrectly handled certain cookies. An attacker could possibly use this issue to compromise data integrity. (CVE-2022-31629) It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2022-31631) It was discovered that PHP incorrectly handled resolving long paths. A remote attacker could possibly use this issue to obtain or modify sensitive information. (CVE-2023-0568) It was discovered that PHP incorrectly handled a large number of field and file parts in HTTP form uploads. A remote attacker could possibly use this issue to cause PHP to consume resources, leading to a denial of service. (CVE-2023-0662) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: libapache2-mod-php7.0 7.0.33-0ubuntu0.16.04.16+esm5 php7.0 7.0.33-0ubuntu0.16.04.16+esm5 php7.0-cgi 7.0.33-0ubuntu0.16.04.16+esm5 php7.0-cli 7.0.33-0ubuntu0.16.04.16+esm5 php7.0-fpm 7.0.33-0ubuntu0.16.04.16+esm5 php7.0-sqlite3 7.0.33-0ubuntu0.16.04.16+esm5 php7.0-zip 7.0.33-0ubuntu0.16.04.16+esm5 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5905-1 CVE-2022-31628, CVE-2022-31629, CVE-2022-31631, CVE-2023-0568, CVE-2023-0662