- Vulnerability/
- USN-5717-1
USN-5717-1: PHP vulnerabilities
First published: Tue Nov 08 2022(Updated: )
It was discovered that PHP incorrectly handled certain gzip files. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-31628) It was discovered that PHP incorrectly handled certain cookies. An attacker could possibly use this issue to compromise the data (CVE-2022-31629) It was discovered that PHP incorrectly handled certain image fonts. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.10, and Ubuntu 22.04 LTS. (CVE-2022-31630) Nicky Mouha discovered that PHP incorrectly handled certain SHA-3 operations. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.10, and Ubuntu 22.04 LTS. (CVE-2022-37454)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/php8.1-cli | <8.1.7-1ubuntu3.1 | 8.1.7-1ubuntu3.1 |
| Ubuntu Ubuntu | =22.10 | |
| All of | ||
| ubuntu/php8.1 | <8.1.7-1ubuntu3.1 | 8.1.7-1ubuntu3.1 |
| Ubuntu Ubuntu | =22.10 | |
| All of | ||
| ubuntu/libapache2-mod-php7.4 | <8.1.7-1ubuntu3.1 | 8.1.7-1ubuntu3.1 |
| Ubuntu Ubuntu | =22.10 | |
| All of | ||
| ubuntu/libapache2-mod-php8.0 | <8.1.7-1ubuntu3.1 | 8.1.7-1ubuntu3.1 |
| Ubuntu Ubuntu | =22.10 | |
| All of | ||
| ubuntu/libapache2-mod-php8.1 | <8.1.7-1ubuntu3.1 | 8.1.7-1ubuntu3.1 |
| Ubuntu Ubuntu | =22.10 | |
| All of | ||
| ubuntu/php8.1-zip | <8.1.7-1ubuntu3.1 | 8.1.7-1ubuntu3.1 |
| Ubuntu Ubuntu | =22.10 | |
| All of | ||
| ubuntu/php8.1-cgi | <8.1.7-1ubuntu3.1 | 8.1.7-1ubuntu3.1 |
| Ubuntu Ubuntu | =22.10 | |
| All of | ||
| ubuntu/php8.1-cli | <8.1.2-1ubuntu2.8 | 8.1.2-1ubuntu2.8 |
| Ubuntu Ubuntu | =22.04 | |
| All of | ||
| ubuntu/php8.1 | <8.1.2-1ubuntu2.8 | 8.1.2-1ubuntu2.8 |
| Ubuntu Ubuntu | =22.04 | |
| All of | ||
| ubuntu/libapache2-mod-php7.4 | <8.1.2-1ubuntu2.8 | 8.1.2-1ubuntu2.8 |
| Ubuntu Ubuntu | =22.04 | |
| All of | ||
| ubuntu/libapache2-mod-php8.0 | <8.1.2-1ubuntu2.8 | 8.1.2-1ubuntu2.8 |
| Ubuntu Ubuntu | =22.04 | |
| All of | ||
| ubuntu/libapache2-mod-php8.1 | <8.1.2-1ubuntu2.8 | 8.1.2-1ubuntu2.8 |
| Ubuntu Ubuntu | =22.04 | |
| All of | ||
| ubuntu/php8.1-zip | <8.1.2-1ubuntu2.8 | 8.1.2-1ubuntu2.8 |
| Ubuntu Ubuntu | =22.04 | |
| All of | ||
| ubuntu/php8.1-cgi | <8.1.2-1ubuntu2.8 | 8.1.2-1ubuntu2.8 |
| Ubuntu Ubuntu | =22.04 | |
| All of | ||
| ubuntu/libapache2-mod-php7.4 | <7.4.3-4ubuntu2.15 | 7.4.3-4ubuntu2.15 |
| Ubuntu Ubuntu | =20.04 | |
| All of | ||
| ubuntu/php7.4-zip | <7.4.3-4ubuntu2.15 | 7.4.3-4ubuntu2.15 |
| Ubuntu Ubuntu | =20.04 | |
| All of | ||
| ubuntu/php7.4-cgi | <7.4.3-4ubuntu2.15 | 7.4.3-4ubuntu2.15 |
| Ubuntu Ubuntu | =20.04 | |
| All of | ||
| ubuntu/php7.4 | <7.4.3-4ubuntu2.15 | 7.4.3-4ubuntu2.15 |
| Ubuntu Ubuntu | =20.04 | |
| All of | ||
| ubuntu/php7.4-cli | <7.4.3-4ubuntu2.15 | 7.4.3-4ubuntu2.15 |
| Ubuntu Ubuntu | =20.04 | |
| All of | ||
| ubuntu/php7.2-cli | <7.2.24-0ubuntu0.18.04.15 | 7.2.24-0ubuntu0.18.04.15 |
| Ubuntu Ubuntu | =18.04 | |
| All of | ||
| ubuntu/php7.2 | <7.2.24-0ubuntu0.18.04.15 | 7.2.24-0ubuntu0.18.04.15 |
| Ubuntu Ubuntu | =18.04 | |
| All of | ||
| ubuntu/libapache2-mod-php7.2 | <7.2.24-0ubuntu0.18.04.15 | 7.2.24-0ubuntu0.18.04.15 |
| Ubuntu Ubuntu | =18.04 | |
| All of | ||
| ubuntu/php7.2-cgi | <7.2.24-0ubuntu0.18.04.15 | 7.2.24-0ubuntu0.18.04.15 |
| Ubuntu Ubuntu | =18.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2022-31630
- https://ubuntu.com/security/CVE-2022-37454
- https://ubuntu.com/security/CVE-2022-31628
- https://ubuntu.com/security/CVE-2022-31629
- https://ubuntu.com/security/notices/USN-5767-1
- https://ubuntu.com/security/notices/USN-5888-1
- https://ubuntu.com/security/notices/USN-5767-3
- https://ubuntu.com/security/notices/USN-5930-1
- https://ubuntu.com/security/notices/USN-5931-1
- https://ubuntu.com/security/notices/USN-6524-1
- https://ubuntu.com/security/notices/USN-6525-1
- https://ubuntu.com/security/notices/USN-5905-1
- https://launchpad.net/ubuntu/+source/php8.1/8.1.7-1ubuntu3.1
- https://launchpad.net/ubuntu/+source/php8.1/8.1.2-1ubuntu2.8
- https://launchpad.net/ubuntu/+source/php7.4/7.4.3-4ubuntu2.15
- https://launchpad.net/ubuntu/+source/php7.2/7.2.24-0ubuntu0.18.04.15
- https://ubuntu.com/security/notices/USN-5717-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the vulnerability ID for this PHP vulnerability?
The vulnerability ID for this PHP vulnerability is CVE-2022-31628.
How does the PHP vulnerability CVE-2022-31628 affect my system?
The PHP vulnerability CVE-2022-31628 can allow an attacker to cause a denial of service.
What is the recommended solution for the PHP vulnerability CVE-2022-31628?
To fix the PHP vulnerability CVE-2022-31628, you should update to version 8.1.7-1ubuntu3.1 of the PHP package.
Which versions of Ubuntu are affected by the PHP vulnerability CVE-2022-31628?
The PHP vulnerability CVE-2022-31628 affects Ubuntu versions 22.10, 22.04, 20.04, and 18.04.
Where can I find more information about the PHP vulnerability CVE-2022-31628?
You can find more information about the PHP vulnerability CVE-2022-31628 at the following link: [CVE-2022-31628](https://ubuntu.com/security/CVE-2022-31628)
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- collector/usn
- source/Ubuntu
- anchor-related/USN-5767-1
- anchor-related/USN-5888-1
- anchor-related/USN-5767-3
- anchor-related/USN-5930-1
- anchor-related/USN-5931-1
- anchor-related/USN-6524-1
- anchor-related/USN-6525-1
- anchor-related/USN-5905-1
- agent/software-canonical-lookup
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/22.10
- version/ubuntu ubuntu/22.04
- version/ubuntu ubuntu/20.04
- version/ubuntu ubuntu/18.04