USN-6305-3: PHP regression
3 July 2024
USN-6305-2 caused a regression in parsing XML.
Releases
Packages
- php7.0 - HTML-embedded scripting language interpreter
- php7.2 - HTML-embedded scripting language interpreter
Details
USN-6305-2 fixed a vulnerability in PHP. The update caused a regression
in Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. This update fix it.
Original advisory details:
It was discovered that PHP incorrectly handled certain XML files.
An attacker could possibly use this issue to expose sensitive information.
(CVE-2023-3823)
It was discovered that PHP incorrectly handled certain PHAR files.
An attacker could possibly use this issue to cause a crash,
expose sensitive information or execute arbitrary code.
(CVE-2023-3824)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04
-
php7.2
-
7.2.24-0ubuntu0.18.04.17+esm4
Available with Ubuntu Pro
-
php7.2-cgi
-
7.2.24-0ubuntu0.18.04.17+esm4
Available with Ubuntu Pro
-
php7.2-cli
-
7.2.24-0ubuntu0.18.04.17+esm4
Available with Ubuntu Pro
-
php7.2-fpm
-
7.2.24-0ubuntu0.18.04.17+esm4
Available with Ubuntu Pro
-
php7.2-xml
-
7.2.24-0ubuntu0.18.04.17+esm4
Available with Ubuntu Pro
-
php7.2-xmlrpc
-
7.2.24-0ubuntu0.18.04.17+esm4
Available with Ubuntu Pro
Ubuntu 16.04
-
php7.0
-
7.0.33-0ubuntu0.16.04.16+esm10
Available with Ubuntu Pro
-
php7.0-cgi
-
7.0.33-0ubuntu0.16.04.16+esm10
Available with Ubuntu Pro
-
php7.0-cli
-
7.0.33-0ubuntu0.16.04.16+esm10
Available with Ubuntu Pro
-
php7.0-fpm
-
7.0.33-0ubuntu0.16.04.16+esm10
Available with Ubuntu Pro
-
php7.0-xml
-
7.0.33-0ubuntu0.16.04.16+esm10
Available with Ubuntu Pro
-
php7.0-xmlrpc
-
7.0.33-0ubuntu0.16.04.16+esm10
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.