Ubuntu Security Notice USN-5818-1 ≈ Packet Storm

Home^[1] Files^[2] News^[3] &[SERVICES_TAB] Contact^[4] Add New^[5]

Change Mirror^[15] Download^[16]

        ==========================================================================
Ubuntu Security Notice USN-5818-1
January 23, 2023
php7.2, php7.4, php8.1 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
PHP could be made do crash or execute arbitrary code if it received
a specially crafted input.
Software Description:
- php8.1: HTML-embedded scripting language interpreter
- php7.4: HTML-embedded scripting language interpreter
- php7.2: HTML-embedded scripting language interpreter
Details:
It was discovered that PHP incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a crash or
execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.10:
libapache2-mod-php7.4           8.1.7-1ubuntu3.2
libapache2-mod-php8.0           8.1.7-1ubuntu3.2
libapache2-mod-php8.1           8.1.7-1ubuntu3.2
php8.1                          8.1.7-1ubuntu3.2
php8.1-cgi                      8.1.7-1ubuntu3.2
php8.1-cli                      8.1.7-1ubuntu3.2
php8.1-sqlite3                  8.1.7-1ubuntu3.2
Ubuntu 22.04 LTS:
libapache2-mod-php7.4           8.1.2-1ubuntu2.10
libapache2-mod-php8.0           8.1.2-1ubuntu2.10
libapache2-mod-php8.1           8.1.2-1ubuntu2.10
php8.1                          8.1.2-1ubuntu2.10
php8.1-cgi                      8.1.2-1ubuntu2.10
php8.1-cli                      8.1.2-1ubuntu2.10
php8.1-sqlite3                  8.1.2-1ubuntu2.10
Ubuntu 20.04 LTS:
libapache2-mod-php7.4           7.4.3-4ubuntu2.17
php7.4                          7.4.3-4ubuntu2.17
php7.4-cgi                      7.4.3-4ubuntu2.17
php7.4-cli                      7.4.3-4ubuntu2.17
php7.4-sqlite3                  7.4.3-4ubuntu2.17
Ubuntu 18.04 LTS:
libapache2-mod-php7.2           7.2.24-0ubuntu0.18.04.16
php7.2                          7.2.24-0ubuntu0.18.04.16
php7.2-cgi                      7.2.24-0ubuntu0.18.04.16
php7.2-cli                      7.2.24-0ubuntu0.18.04.16
php7.2-sqlite3                  7.2.24-0ubuntu0.18.04.16
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5818-1
CVE-2022-31631
Package Information:
https://launchpad.net/ubuntu/+source/php8.1/8.1.7-1ubuntu3.2
https://launchpad.net/ubuntu/+source/php8.1/8.1.2-1ubuntu2.10
https://launchpad.net/ubuntu/+source/php7.4/7.4.3-4ubuntu2.17
https://launchpad.net/ubuntu/+source/php7.2/7.2.24-0ubuntu0.18.04.16

• Follow us on Twitter^[19]
• Subscribe to an RSS Feed^[20]

File Tags

• ActiveX^[21] (932)
• Advisory^[22] (79,938)
• Arbitrary^[23] (15,753)
• BBS^[24] (2,859)
• Bypass^[25] (1,631)
• CGI^[26] (1,019)
• Code Execution^[27] (6,955)
• Conference^[28] (674)
• Cracker^[29] (840)
• CSRF^[30] (3,294)
• DoS^[31] (22,689)
• Encryption^[32] (2,353)
• Exploit^[33] (50,495)
• File Inclusion^[34] (4,172)
• File Upload^[35] (948)
• Firewall^[36] (821)
• Info Disclosure^[37] (2,671)
• Intrusion Detection^[38] (869)
• Java^[39] (2,927)
• JavaScript^[40] (823)
• Kernel^[41] (6,330)
• Local^[42] (14,225)
• Magazine^[43] (586)
• Overflow^[44] (12,448)
• Perl^[45] (1,418)
• PHP^[46] (5,099)
• Proof of Concept^[47] (2,293)
• Protocol^[48] (3,441)
• Python^[49] (1,468)
• Remote^[50] (30,115)
• Root^[51] (3,516)
• Rootkit^[52] (501)
• Ruby^[53] (596)
• Scanner^[54] (1,633)
• Security Tool^[55] (7,799)
• Shell^[56] (3,112)
• Shellcode^[57] (1,206)
• Sniffer^[58] (889)
• Spoof^[59] (2,173)
• SQL Injection^[60] (16,130)
• TCP^[61] (2,382)
• Trojan^[62] (686)
• UDP^[63] (878)
• Virus^[64] (662)
• Vulnerability^[65] (31,195)
• Web^[66] (9,390)
• Whitepaper^[67] (3,733)
• x86^[68] (946)
• XSS^[69] (17,515)
• Other^[70]

File Archives

• January 2023^[71]
• December 2022^[72]
• November 2022^[73]
• October 2022^[74]
• September 2022^[75]
• August 2022^[76]
• July 2022^[77]
• June 2022^[78]
• May 2022^[79]
• April 2022^[80]
• March 2022^[81]
• February 2022^[82]
• Older^[83]

Systems

• AIX^[84] (426)
• Apple^[85] (1,936)
• BSD^[86] (370)
• CentOS^[87] (55)
• Cisco^[88] (1,917)
• Debian^[89] (6,656)
• Fedora^[90] (1,690)
• FreeBSD^[91] (1,242)
• Gentoo^[92] (4,288)
• HPUX^[93] (878)
• iOS^[94] (334)
• iPhone^[95] (108)
• IRIX^[96] (220)
• Juniper^[97] (67)
• Linux^[98] (44,494)
• Mac OS X^[99] (684)
• Mandriva^[100] (3,105)
• NetBSD^[101] (255)
• OpenBSD^[102] (479)
• RedHat^[103] (12,552)
• Slackware^[104] (941)
• Solaris^[105] (1,609)
• SUSE^[106] (1,444)
• Ubuntu^[107] (8,249)
• UNIX^[108] (9,181)
• UnixWare^[109] (185)
• Windows^[110] (6,514)
• Other^[111]

© 2022 Packet Storm. All rights reserved.

Read more https://packetstormsecurity.com/files/170646/USN-5818-1.txt