- Vulnerability/
- USN-4583-1
USN-4583-1: PHP vulnerabilities
First published: Wed Oct 14 2020(Updated: )
It was discovered that PHP incorrectly handled certain encrypt ciphers. An attacker could possibly use this issue to decrease security or cause incorrect encryption data. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-7069) It was discorevered that PHP incorrectly handled certain HTTP cookies. An attacker could possibly use this issue to forge cookie which is supposed to be secure. (CVE-2020-7070)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/libapache2-mod-php7.4 | <7.4.3-4ubuntu2.4 | 7.4.3-4ubuntu2.4 |
| Ubuntu Ubuntu | =20.04 | |
| All of | ||
| ubuntu/php7.4-cgi | <7.4.3-4ubuntu2.4 | 7.4.3-4ubuntu2.4 |
| Ubuntu Ubuntu | =20.04 | |
| All of | ||
| ubuntu/php7.4-cli | <7.4.3-4ubuntu2.4 | 7.4.3-4ubuntu2.4 |
| Ubuntu Ubuntu | =20.04 | |
| All of | ||
| ubuntu/php7.4-curl | <7.4.3-4ubuntu2.4 | 7.4.3-4ubuntu2.4 |
| Ubuntu Ubuntu | =20.04 | |
| All of | ||
| ubuntu/php7.4-fpm | <7.4.3-4ubuntu2.4 | 7.4.3-4ubuntu2.4 |
| Ubuntu Ubuntu | =20.04 | |
| All of | ||
| ubuntu/libapache2-mod-php7.2 | <7.2.24-0ubuntu0.18.04.7 | 7.2.24-0ubuntu0.18.04.7 |
| Ubuntu Ubuntu | =18.04 | |
| All of | ||
| ubuntu/php7.2-cgi | <7.2.24-0ubuntu0.18.04.7 | 7.2.24-0ubuntu0.18.04.7 |
| Ubuntu Ubuntu | =18.04 | |
| All of | ||
| ubuntu/php7.2-cli | <7.2.24-0ubuntu0.18.04.7 | 7.2.24-0ubuntu0.18.04.7 |
| Ubuntu Ubuntu | =18.04 | |
| All of | ||
| ubuntu/php7.2-curl | <7.2.24-0ubuntu0.18.04.7 | 7.2.24-0ubuntu0.18.04.7 |
| Ubuntu Ubuntu | =18.04 | |
| All of | ||
| ubuntu/php7.2-fpm | <7.2.24-0ubuntu0.18.04.7 | 7.2.24-0ubuntu0.18.04.7 |
| Ubuntu Ubuntu | =18.04 | |
| All of | ||
| ubuntu/libapache2-mod-php7.0 | <7.0.33-0ubuntu0.16.04.16 | 7.0.33-0ubuntu0.16.04.16 |
| Ubuntu Ubuntu | =16.04 | |
| All of | ||
| ubuntu/php7.0-cgi | <7.0.33-0ubuntu0.16.04.16 | 7.0.33-0ubuntu0.16.04.16 |
| Ubuntu Ubuntu | =16.04 | |
| All of | ||
| ubuntu/php7.0-cli | <7.0.33-0ubuntu0.16.04.16 | 7.0.33-0ubuntu0.16.04.16 |
| Ubuntu Ubuntu | =16.04 | |
| All of | ||
| ubuntu/php7.0-curl | <7.0.33-0ubuntu0.16.04.16 | 7.0.33-0ubuntu0.16.04.16 |
| Ubuntu Ubuntu | =16.04 | |
| All of | ||
| ubuntu/php7.0-fpm | <7.0.33-0ubuntu0.16.04.16 | 7.0.33-0ubuntu0.16.04.16 |
| Ubuntu Ubuntu | =16.04 | |
| All of | ||
| ubuntu/libapache2-mod-php5 | <5.5.9+dfsg-1ubuntu4.29+esm13 | 5.5.9+dfsg-1ubuntu4.29+esm13 |
| Ubuntu Ubuntu | =14.04 | |
| All of | ||
| ubuntu/php5-cgi | <5.5.9+dfsg-1ubuntu4.29+esm13 | 5.5.9+dfsg-1ubuntu4.29+esm13 |
| Ubuntu Ubuntu | =14.04 | |
| All of | ||
| ubuntu/php5-cli | <5.5.9+dfsg-1ubuntu4.29+esm13 | 5.5.9+dfsg-1ubuntu4.29+esm13 |
| Ubuntu Ubuntu | =14.04 | |
| All of | ||
| ubuntu/php5-curl | <5.5.9+dfsg-1ubuntu4.29+esm13 | 5.5.9+dfsg-1ubuntu4.29+esm13 |
| Ubuntu Ubuntu | =14.04 | |
| All of | ||
| ubuntu/php5-fpm | <5.5.9+dfsg-1ubuntu4.29+esm13 | 5.5.9+dfsg-1ubuntu4.29+esm13 |
| Ubuntu Ubuntu | =14.04 | |
| All of | ||
| ubuntu/libapache2-mod-php5 | <5.3.10-1ubuntu3.48 | 5.3.10-1ubuntu3.48 |
| Ubuntu Ubuntu | =12.04 | |
| All of | ||
| ubuntu/php5-cgi | <5.3.10-1ubuntu3.48 | 5.3.10-1ubuntu3.48 |
| Ubuntu Ubuntu | =12.04 | |
| All of | ||
| ubuntu/php5-cli | <5.3.10-1ubuntu3.48 | 5.3.10-1ubuntu3.48 |
| Ubuntu Ubuntu | =12.04 | |
| All of | ||
| ubuntu/php5-curl | <5.3.10-1ubuntu3.48 | 5.3.10-1ubuntu3.48 |
| Ubuntu Ubuntu | =12.04 | |
| All of | ||
| ubuntu/php5-fpm | <5.3.10-1ubuntu3.48 | 5.3.10-1ubuntu3.48 |
| Ubuntu Ubuntu | =12.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2020-7069
- https://ubuntu.com/security/CVE-2020-7070
- https://ubuntu.com/security/notices/USN-4583-2
- https://launchpad.net/ubuntu/+source/php7.4/7.4.3-4ubuntu2.4
- https://launchpad.net/ubuntu/+source/php7.2/7.2.24-0ubuntu0.18.04.7
- https://launchpad.net/ubuntu/+source/php7.0/7.0.33-0ubuntu0.16.04.16
- https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.29+esm13
- https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.48
- https://ubuntu.com/security/notices/USN-4583-1 (Advisory)
Frequently Asked Questions
What is the vulnerability ID for this advisory?
The vulnerability ID for this advisory is USN-4583-1.
What is the severity of USN-4583-1?
The severity of USN-4583-1 is not mentioned in the advisory.
Which versions of Ubuntu are affected by this vulnerability?
This vulnerability only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
What is the affected software?
The affected software includes libapache2-mod-php7.4, php7.4-cgi, php7.4-cli, php7.4-curl, php7.4-fpm, libapache2-mod-php7.2, php7.2-cgi, php7.2-cli, php7.2-curl, php7.2-fpm, libapache2-mod-php7.0, php7.0-cgi, php7.0-cli, php7.0-curl, php7.0-fpm, libapache2-mod-php5, php5-cgi, php5-cli, php5-curl, and php5-fpm.
How do I fix the vulnerability in Ubuntu 18.04 LTS?
To fix the vulnerability in Ubuntu 18.04 LTS, update the libapache2-mod-php7.2 package to version 7.2.24-0ubuntu0.18.04.7.
- collector/usn
- anchor-related/USN-4583-2
- agent/severity
- agent/references
- agent/title
- agent/tags
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/20.04
- version/ubuntu ubuntu/18.04
- version/ubuntu ubuntu/16.04
- version/ubuntu ubuntu/14.04
- version/ubuntu ubuntu/12.04