Ubuntu Security Notice USN-5905-1

Ubuntu Security Notice USN-5905-1: Posted Mar 3, 2023; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 5905-1 - It was discovered that PHP incorrectly handled certain gzip files. An attacker could possibly use this issue to cause a denial of service. It was discovered that PHP incorrectly handled certain cookies. An attacker could possibly use this issue to compromise data integrity. It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code.; tags | advisory, denial of service, arbitrary, php; systems | linux, ubuntu; advisories | CVE-2022-31628, CVE-2022-31629, CVE-2022-31631, CVE-2023-0568, CVE-2023-0662; SHA-256 | 568ea4cc2d068c625914a2aca31e396f31df3ead8417e7cc93c9f33b2b47b9ac; Download | Favorite | View

Ubuntu Security Notice USN-5905-1

==========================================================================
Ubuntu Security Notice USN-5905-1
March 02, 2023

php7.0 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM

Summary:

Several security issues were fixed in PHP.

Software Description:
- php7.0: HTML-embedded scripting language interpreter

Details:

It was discovered that PHP incorrectly handled certain gzip files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2022-31628)

It was discovered that PHP incorrectly handled certain cookies.
An attacker could possibly use this issue to compromise data integrity.
(CVE-2022-31629)

It was discovered that PHP incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a crash or
execute arbitrary code. (CVE-2022-31631)

It was discovered that PHP incorrectly handled resolving long paths. A
remote attacker could possibly use this issue to obtain or modify sensitive
information. (CVE-2023-0568)

It was discovered that PHP incorrectly handled a large number of field 
and file
parts in HTTP form uploads. A remote attacker could possibly use this 
issue to
cause PHP to consume resources, leading to a denial of service. 
(CVE-2023-0662)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
   libapache2-mod-php7.0           7.0.33-0ubuntu0.16.04.16+esm5
   php7.0 7.0.33-0ubuntu0.16.04.16+esm5
   php7.0-cgi 7.0.33-0ubuntu0.16.04.16+esm5
   php7.0-cli 7.0.33-0ubuntu0.16.04.16+esm5
   php7.0-fpm 7.0.33-0ubuntu0.16.04.16+esm5
   php7.0-sqlite3 7.0.33-0ubuntu0.16.04.16+esm5
   php7.0-zip 7.0.33-0ubuntu0.16.04.16+esm5

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5905-1 
<https://ubuntu.com/security/notices/USN-5905-1>
   CVE-2022-31628, CVE-2022-31629, CVE-2022-31631, CVE-2023-0568,
   CVE-2023-0662

Top Authors In Last 30 Days

Red Hat 235 files
Ubuntu 50 files
Debian 19 files
LiquidWorm 16 files
Apple 9 files
Gentoo 5 files
Alter Prime 3 files
Google Security Research 3 files
Pierre Kim 2 files
EQSTLab 2 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,163)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,945)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,337)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,987)
UNIX (9,475)
UnixWare (188)
Windows (6,784)
Other

Ubuntu Security Notice USN-5905-1

Ubuntu Security Notice USN-5905-1

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Ubuntu Security Notice USN-5905-1

Share This

Ubuntu Security Notice USN-5905-1

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems