- Vulnerability/
- USN-4279-1
USN-4279-1: PHP vulnerabilities
First published: Mon Feb 17 2020(Updated: )
It was discovered that PHP incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. (CVE-2015-9253) It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-7059) It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2020-7060)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/libapache2-mod-php7.3 | <7.3.11-0ubuntu0.19.10.3 | 7.3.11-0ubuntu0.19.10.3 |
| =19.10 | ||
| All of | ||
| ubuntu/php7.3-cgi | <7.3.11-0ubuntu0.19.10.3 | 7.3.11-0ubuntu0.19.10.3 |
| =19.10 | ||
| All of | ||
| ubuntu/php7.3-cli | <7.3.11-0ubuntu0.19.10.3 | 7.3.11-0ubuntu0.19.10.3 |
| =19.10 | ||
| All of | ||
| ubuntu/php7.3-fpm | <7.3.11-0ubuntu0.19.10.3 | 7.3.11-0ubuntu0.19.10.3 |
| =19.10 | ||
| All of | ||
| ubuntu/libapache2-mod-php7.2 | <7.2.24-0ubuntu0.18.04.3 | 7.2.24-0ubuntu0.18.04.3 |
| =18.04 | ||
| All of | ||
| ubuntu/php7.2-cgi | <7.2.24-0ubuntu0.18.04.3 | 7.2.24-0ubuntu0.18.04.3 |
| =18.04 | ||
| All of | ||
| ubuntu/php7.2-cli | <7.2.24-0ubuntu0.18.04.3 | 7.2.24-0ubuntu0.18.04.3 |
| =18.04 | ||
| All of | ||
| ubuntu/php7.2-fpm | <7.2.24-0ubuntu0.18.04.3 | 7.2.24-0ubuntu0.18.04.3 |
| =18.04 | ||
| All of | ||
| ubuntu/libapache2-mod-php7.0 | <7.0.33-0ubuntu0.16.04.11 | 7.0.33-0ubuntu0.16.04.11 |
| =16.04 | ||
| All of | ||
| ubuntu/php7.0-cgi | <7.0.33-0ubuntu0.16.04.11 | 7.0.33-0ubuntu0.16.04.11 |
| =16.04 | ||
| All of | ||
| ubuntu/php7.0-cli | <7.0.33-0ubuntu0.16.04.11 | 7.0.33-0ubuntu0.16.04.11 |
| =16.04 | ||
| All of | ||
| ubuntu/php7.0-fpm | <7.0.33-0ubuntu0.16.04.11 | 7.0.33-0ubuntu0.16.04.11 |
| =16.04 | ||
| All of | ||
| ubuntu/libapache2-mod-php5 | <5.5.9+dfsg-1ubuntu4.29+esm10 | 5.5.9+dfsg-1ubuntu4.29+esm10 |
| =14.04 | ||
| All of | ||
| ubuntu/php5-cgi | <5.5.9+dfsg-1ubuntu4.29+esm10 | 5.5.9+dfsg-1ubuntu4.29+esm10 |
| =14.04 | ||
| All of | ||
| ubuntu/php5-cli | <5.5.9+dfsg-1ubuntu4.29+esm10 | 5.5.9+dfsg-1ubuntu4.29+esm10 |
| =14.04 | ||
| All of | ||
| ubuntu/php5-fpm | <5.5.9+dfsg-1ubuntu4.29+esm10 | 5.5.9+dfsg-1ubuntu4.29+esm10 |
| =14.04 | ||
| All of | ||
| ubuntu/libapache2-mod-php5 | <5.3.10-1ubuntu3.44 | 5.3.10-1ubuntu3.44 |
| =12.04 | ||
| All of | ||
| ubuntu/php5-cgi | <5.3.10-1ubuntu3.44 | 5.3.10-1ubuntu3.44 |
| =12.04 | ||
| All of | ||
| ubuntu/php5-cli | <5.3.10-1ubuntu3.44 | 5.3.10-1ubuntu3.44 |
| =12.04 | ||
| All of | ||
| ubuntu/php5-fpm | <5.3.10-1ubuntu3.44 | 5.3.10-1ubuntu3.44 |
| =12.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2015-9253
- https://ubuntu.com/security/CVE-2020-7059
- https://ubuntu.com/security/CVE-2020-7060
- https://ubuntu.com/security/notices/USN-3766-1
- https://ubuntu.com/security/notices/USN-5300-1
- https://launchpad.net/ubuntu/+source/php7.3/7.3.11-0ubuntu0.19.10.3
- https://launchpad.net/ubuntu/+source/php7.2/7.2.24-0ubuntu0.18.04.3
- https://launchpad.net/ubuntu/+source/php7.0/7.0.33-0ubuntu0.16.04.11
- https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.29+esm10
- https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.44
- https://ubuntu.com/security/notices/USN-4279-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the vulnerability ID of this advisory?
The vulnerability ID of this advisory is USN-4279-1.
What is the title of the vulnerability?
The title of the vulnerability is PHP vulnerabilities.
What is the severity of the vulnerability?
The severity of the vulnerability is not provided in the information.
What is the affected software?
The affected software is PHP versions: 7.3.11-0ubuntu0.19.10.3, 7.2.24-0ubuntu0.18.04.3, 7.0.33-0ubuntu0.16.04.11, 5.5.9+dfsg-1ubuntu4.29+esm10, and 5.3.10-1ubuntu3.44 on Ubuntu 19.10, 18.04, 16.04, and 12.04.
How do I fix the vulnerability?
To fix the vulnerability, apply the recommended security updates for PHP packages: libapache2-mod-php7.3, libapache2-mod-php7.2, libapache2-mod-php7.0, libapache2-mod-php5, php7.3-cgi, php7.3-cli, php7.3-fpm, php7.2-cgi, php7.2-cli, php7.2-fpm, php7.0-cgi, php7.0-cli, php7.0-fpm, php5-cgi, php5-cli, and php5-fpm.
- agent/severity
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/event
- agent/tags
- agent/title
- agent/description
- agent/references
- collector/usn
- source/Ubuntu
- anchor-related/USN-3766-1
- anchor-related/USN-5300-1
- agent/software-canonical-lookup
- agent/trending
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/19.10
- version/ubuntu ubuntu/18.04
- version/ubuntu ubuntu/16.04
- version/ubuntu ubuntu/14.04
- version/ubuntu ubuntu/12.04