- Vulnerability/
- USN-4330-1
USN-4330-1: PHP vulnerabilities
First published: Wed Apr 15 2020(Updated: )
It was discovered that PHP incorrectly handled certain file uploads. An attacker could possibly use this issue to cause a crash. (CVE-2020-7062) It was discovered that PHP incorrectly handled certain PHAR archive files. An attacker could possibly use this issue to access sensitive information. (CVE-2020-7063) It was discovered that PHP incorrectly handled certain EXIF files. An attacker could possibly use this issue to access sensitive information or cause a crash. (CVE-2020-7064) It was discovered that PHP incorrectly handled certain UTF strings. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 19.10. (CVE-2020-7065) It was discovered that PHP incorrectly handled certain URLs. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2020-7066)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/libapache2-mod-php7.3 | <7.3.11-0ubuntu0.19.10.4 | 7.3.11-0ubuntu0.19.10.4 |
| =19.10 | ||
| All of | ||
| ubuntu/php7.3-cgi | <7.3.11-0ubuntu0.19.10.4 | 7.3.11-0ubuntu0.19.10.4 |
| =19.10 | ||
| All of | ||
| ubuntu/php7.3-cli | <7.3.11-0ubuntu0.19.10.4 | 7.3.11-0ubuntu0.19.10.4 |
| =19.10 | ||
| All of | ||
| ubuntu/php7.3-fpm | <7.3.11-0ubuntu0.19.10.4 | 7.3.11-0ubuntu0.19.10.4 |
| =19.10 | ||
| All of | ||
| ubuntu/php7.3-mbstring | <7.3.11-0ubuntu0.19.10.4 | 7.3.11-0ubuntu0.19.10.4 |
| =19.10 | ||
| All of | ||
| ubuntu/libapache2-mod-php7.2 | <7.2.24-0ubuntu0.18.04.4 | 7.2.24-0ubuntu0.18.04.4 |
| =18.04 | ||
| All of | ||
| ubuntu/php7.2 | <7.2.24-0ubuntu0.18.04.4 | 7.2.24-0ubuntu0.18.04.4 |
| =18.04 | ||
| All of | ||
| ubuntu/php7.2-cgi | <7.2.24-0ubuntu0.18.04.4 | 7.2.24-0ubuntu0.18.04.4 |
| =18.04 | ||
| All of | ||
| ubuntu/php7.2-cli | <7.2.24-0ubuntu0.18.04.4 | 7.2.24-0ubuntu0.18.04.4 |
| =18.04 | ||
| All of | ||
| ubuntu/php7.2-fpm | <7.2.24-0ubuntu0.18.04.4 | 7.2.24-0ubuntu0.18.04.4 |
| =18.04 | ||
| All of | ||
| ubuntu/libapache2-mod-php7.0 | <7.0.33-0ubuntu0.16.04.14 | 7.0.33-0ubuntu0.16.04.14 |
| =16.04 | ||
| All of | ||
| ubuntu/php7.0-cgi | <7.0.33-0ubuntu0.16.04.14 | 7.0.33-0ubuntu0.16.04.14 |
| =16.04 | ||
| All of | ||
| ubuntu/php7.0-cli | <7.0.33-0ubuntu0.16.04.14 | 7.0.33-0ubuntu0.16.04.14 |
| =16.04 | ||
| All of | ||
| ubuntu/php7.0-fpm | <7.0.33-0ubuntu0.16.04.14 | 7.0.33-0ubuntu0.16.04.14 |
| =16.04 | ||
| All of | ||
| ubuntu/libapache2-mod-php5 | <5.5.9+dfsg-1ubuntu4.29+esm11 | 5.5.9+dfsg-1ubuntu4.29+esm11 |
| =14.04 | ||
| All of | ||
| ubuntu/php5-cgi | <5.5.9+dfsg-1ubuntu4.29+esm11 | 5.5.9+dfsg-1ubuntu4.29+esm11 |
| =14.04 | ||
| All of | ||
| ubuntu/php5-cli | <5.5.9+dfsg-1ubuntu4.29+esm11 | 5.5.9+dfsg-1ubuntu4.29+esm11 |
| =14.04 | ||
| All of | ||
| ubuntu/php5-fpm | <5.5.9+dfsg-1ubuntu4.29+esm11 | 5.5.9+dfsg-1ubuntu4.29+esm11 |
| =14.04 | ||
| All of | ||
| ubuntu/libapache2-mod-php5 | <5.3.10-1ubuntu3.45 | 5.3.10-1ubuntu3.45 |
| =12.04 | ||
| All of | ||
| ubuntu/php5-cgi | <5.3.10-1ubuntu3.45 | 5.3.10-1ubuntu3.45 |
| =12.04 | ||
| All of | ||
| ubuntu/php5-cli | <5.3.10-1ubuntu3.45 | 5.3.10-1ubuntu3.45 |
| =12.04 | ||
| All of | ||
| ubuntu/php5-fpm | <5.3.10-1ubuntu3.45 | 5.3.10-1ubuntu3.45 |
| =12.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2020-7062
- https://ubuntu.com/security/CVE-2020-7063
- https://ubuntu.com/security/CVE-2020-7064
- https://ubuntu.com/security/CVE-2020-7065
- https://ubuntu.com/security/CVE-2020-7066
- https://ubuntu.com/security/notices/USN-4330-2
- https://launchpad.net/ubuntu/+source/php7.3/7.3.11-0ubuntu0.19.10.4
- https://launchpad.net/ubuntu/+source/php7.2/7.2.24-0ubuntu0.18.04.4
- https://launchpad.net/ubuntu/+source/php7.0/7.0.33-0ubuntu0.16.04.14
- https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.29+esm11
- https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.45
- https://ubuntu.com/security/notices/USN-4330-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the vulnerability ID for this advisory?
The vulnerability ID for this advisory is CVE-2020-7062.
What software versions are affected by this vulnerability?
The software versions affected by this vulnerability include libapache2-mod-php7.3, php7.3-cgi, php7.3-cli, php7.3-fpm, php7.3-mbstring, libapache2-mod-php7.2, php7.2, php7.2-cgi, php7.2-cli, php7.2-fpm, libapache2-mod-php7.0, php7.0-cgi, php7.0-cli, php7.0-fpm, libapache2-mod-php5, php5-cgi, php5-cli, php5-fpm.
What is the severity of CVE-2020-7062?
The severity of CVE-2020-7062 is not provided in the advisory.
How can I fix the PHP vulnerabilities?
To fix the PHP vulnerabilities, update the affected software versions to the recommended remedy versions.
Where can I find more information about the PHP vulnerabilities?
You can find more information about the PHP vulnerabilities in the provided references.
- agent/references
- agent/severity
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- agent/event
- agent/description
- agent/title
- collector/usn
- source/Ubuntu
- anchor-related/USN-4330-2
- agent/software-canonical-lookup
- agent/trending
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/19.10
- version/ubuntu ubuntu/18.04
- version/ubuntu ubuntu/16.04
- version/ubuntu ubuntu/14.04
- version/ubuntu ubuntu/12.04