USN-4166-1: PHP vulnerability

Reference Links

• https://ubuntu.com/security/CVE-2019-11043
• https://ubuntu.com/security/notices/{'id': 'USN-4166-2', 'packages': 'php5-pgsql, libphp5-embed, php5-cli, php5-mysqlnd, php5-dev, php5-curl, php5-fpm, php5, libapache2-mod-php5filter, php5-common, php5-sybase, php5-snmp, php5-gd, php5-gmp, libapache2-mod-php5, php-pear, php5-recode, php5-cgi, php5-tidy, php5-odbc, php5-pspell, php5-readline, php5-xsl, php5-xmlrpc, php5-sqlite, php5-intl, php5-ldap, php5-mysql, php5-enchant'}
• https://launchpad.net/ubuntu/+source/php7.3/7.3.11-0ubuntu0.19.10.1
• https://launchpad.net/ubuntu/+source/php7.2/7.2.24-0ubuntu0.19.04.1
• https://launchpad.net/ubuntu/+source/php7.2/7.2.24-0ubuntu0.18.04.1
• https://launchpad.net/ubuntu/+source/php7.0/7.0.33-0ubuntu0.16.04.7
• https://ubuntu.com/security/notices/USN-4166-1 (Advisory)

Child vulnerabilities

(Contains the following vulnerabilities)

• CVE-2019-11043

Frequently Asked Questions

• What is USN-4166-1?

  USN-4166-1 is a security vulnerability in PHP that allows remote attackers to execute arbitrary code.

• How does the PHP vulnerability affect me?

  The PHP vulnerability affects users who have the affected versions of PHP installed and are using FastCGI configurations.

• What is the severity of USN-4166-1?

  The severity of USN-4166-1 is high.

• How can I fix the PHP vulnerability?

  To fix the PHP vulnerability, update your PHP installations to version 7.3.11-0ubuntu0.19.10.1 (for Ubuntu 19.10), 7.2.24-0ubuntu0.19.04.1 (for Ubuntu 19.04), 7.2.24-0ubuntu0.18.04.1 (for Ubuntu 18.04), or 7.0.33-0ubuntu0.16.04.7 (for Ubuntu 16.04).

• Where can I find more information about USN-4166-1?

  More information about USN-4166-1 can be found on the Ubuntu Security Notices website and the provided references.