USN-4330-1

See a problem?
Source
https://ubuntu.com/security/notices/USN-4330-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-4330-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-4330-1
Related
Published
2020-04-15T13:09:42.353371Z
Modified
2020-04-15T13:09:42.353371Z
Summary
php5, php7.0, php7.2, php7.3 vulnerabilities
Details

It was discovered that PHP incorrectly handled certain file uploads. An attacker could possibly use this issue to cause a crash. (CVE-2020-7062)

It was discovered that PHP incorrectly handled certain PHAR archive files. An attacker could possibly use this issue to access sensitive information. (CVE-2020-7063)

It was discovered that PHP incorrectly handled certain EXIF files. An attacker could possibly use this issue to access sensitive information or cause a crash. (CVE-2020-7064)

It was discovered that PHP incorrectly handled certain UTF strings. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 19.10. (CVE-2020-7065)

It was discovered that PHP incorrectly handled certain URLs. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2020-7066)

References

Affected packages

Ubuntu:Pro:14.04:LTS / php5

Package

Name
php5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.5.9+dfsg-1ubuntu4.29+esm11

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "php5-gd": "5.5.9+dfsg-1ubuntu4.29+esm11",
            "libphp5-embed": "5.5.9+dfsg-1ubuntu4.29+esm11",
            "php5-mysqlnd": "5.5.9+dfsg-1ubuntu4.29+esm11",
            "php-pear": "5.5.9+dfsg-1ubuntu4.29+esm11",
            "php5-cli": "5.5.9+dfsg-1ubuntu4.29+esm11",
            "php5-fpm": "5.5.9+dfsg-1ubuntu4.29+esm11",
            "php5-pspell": "5.5.9+dfsg-1ubuntu4.29+esm11",
            "php5-mysql": "5.5.9+dfsg-1ubuntu4.29+esm11",
            "php5-curl": "5.5.9+dfsg-1ubuntu4.29+esm11",
            "php5-ldap": "5.5.9+dfsg-1ubuntu4.29+esm11",
            "php5-pgsql": "5.5.9+dfsg-1ubuntu4.29+esm11",
            "php5-xsl": "5.5.9+dfsg-1ubuntu4.29+esm11",
            "php5-readline": "5.5.9+dfsg-1ubuntu4.29+esm11",
            "php5-enchant": "5.5.9+dfsg-1ubuntu4.29+esm11",
            "php5-common": "5.5.9+dfsg-1ubuntu4.29+esm11",
            "php5-dev": "5.5.9+dfsg-1ubuntu4.29+esm11",
            "libapache2-mod-php5filter": "5.5.9+dfsg-1ubuntu4.29+esm11",
            "php5": "5.5.9+dfsg-1ubuntu4.29+esm11",
            "php5-sybase": "5.5.9+dfsg-1ubuntu4.29+esm11",
            "php5-gmp": "5.5.9+dfsg-1ubuntu4.29+esm11",
            "php5-odbc": "5.5.9+dfsg-1ubuntu4.29+esm11",
            "php5-cgi": "5.5.9+dfsg-1ubuntu4.29+esm11",
            "php5-recode": "5.5.9+dfsg-1ubuntu4.29+esm11",
            "libapache2-mod-php5": "5.5.9+dfsg-1ubuntu4.29+esm11",
            "php5-sqlite": "5.5.9+dfsg-1ubuntu4.29+esm11",
            "php5-snmp": "5.5.9+dfsg-1ubuntu4.29+esm11",
            "php5-intl": "5.5.9+dfsg-1ubuntu4.29+esm11",
            "php5-xmlrpc": "5.5.9+dfsg-1ubuntu4.29+esm11",
            "php5-tidy": "5.5.9+dfsg-1ubuntu4.29+esm11"
        }
    ]
}

Ubuntu:18.04:LTS / php7.2

Package

Name
php7.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.2.24-0ubuntu0.18.04.4

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "php7.2-ldap": "7.2.24-0ubuntu0.18.04.4",
            "php7.2-mbstring": "7.2.24-0ubuntu0.18.04.4",
            "libapache2-mod-php7.2": "7.2.24-0ubuntu0.18.04.4",
            "php7.2-opcache": "7.2.24-0ubuntu0.18.04.4",
            "php7.2-intl": "7.2.24-0ubuntu0.18.04.4",
            "php7.2-bz2": "7.2.24-0ubuntu0.18.04.4",
            "php7.2-gmp": "7.2.24-0ubuntu0.18.04.4",
            "php7.2-sybase": "7.2.24-0ubuntu0.18.04.4",
            "php7.2-bcmath": "7.2.24-0ubuntu0.18.04.4",
            "php7.2-odbc": "7.2.24-0ubuntu0.18.04.4",
            "php7.2-snmp": "7.2.24-0ubuntu0.18.04.4",
            "php7.2-pgsql": "7.2.24-0ubuntu0.18.04.4",
            "php7.2-recode": "7.2.24-0ubuntu0.18.04.4",
            "php7.2-phpdbg": "7.2.24-0ubuntu0.18.04.4",
            "php7.2-interbase": "7.2.24-0ubuntu0.18.04.4",
            "php7.2-cgi": "7.2.24-0ubuntu0.18.04.4",
            "php7.2-sqlite3": "7.2.24-0ubuntu0.18.04.4",
            "php7.2-tidy": "7.2.24-0ubuntu0.18.04.4",
            "php7.2-json": "7.2.24-0ubuntu0.18.04.4",
            "php7.2-xmlrpc": "7.2.24-0ubuntu0.18.04.4",
            "php7.2-fpm": "7.2.24-0ubuntu0.18.04.4",
            "php7.2-curl": "7.2.24-0ubuntu0.18.04.4",
            "php7.2-cli": "7.2.24-0ubuntu0.18.04.4",
            "php7.2": "7.2.24-0ubuntu0.18.04.4",
            "php7.2-xsl": "7.2.24-0ubuntu0.18.04.4",
            "php7.2-zip": "7.2.24-0ubuntu0.18.04.4",
            "php7.2-xml": "7.2.24-0ubuntu0.18.04.4",
            "php7.2-common": "7.2.24-0ubuntu0.18.04.4",
            "php7.2-dba": "7.2.24-0ubuntu0.18.04.4",
            "php7.2-readline": "7.2.24-0ubuntu0.18.04.4",
            "php7.2-mysql": "7.2.24-0ubuntu0.18.04.4",
            "php7.2-imap": "7.2.24-0ubuntu0.18.04.4",
            "php7.2-enchant": "7.2.24-0ubuntu0.18.04.4",
            "libphp7.2-embed": "7.2.24-0ubuntu0.18.04.4",
            "php7.2-gd": "7.2.24-0ubuntu0.18.04.4",
            "php7.2-pspell": "7.2.24-0ubuntu0.18.04.4",
            "php7.2-soap": "7.2.24-0ubuntu0.18.04.4",
            "php7.2-dev": "7.2.24-0ubuntu0.18.04.4"
        }
    ]
}

Ubuntu:16.04:LTS / php7.0

Package

Name
php7.0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.0.33-0ubuntu0.16.04.14

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "php7.0-cgi": "7.0.33-0ubuntu0.16.04.14",
            "php7.0-pspell": "7.0.33-0ubuntu0.16.04.14",
            "php7.0-enchant": "7.0.33-0ubuntu0.16.04.14",
            "php7.0-xsl": "7.0.33-0ubuntu0.16.04.14",
            "php7.0-readline": "7.0.33-0ubuntu0.16.04.14",
            "php7.0-mysql": "7.0.33-0ubuntu0.16.04.14",
            "php7.0-dba": "7.0.33-0ubuntu0.16.04.14",
            "php7.0-intl": "7.0.33-0ubuntu0.16.04.14",
            "php7.0-zip": "7.0.33-0ubuntu0.16.04.14",
            "php7.0-soap": "7.0.33-0ubuntu0.16.04.14",
            "php7.0-mcrypt": "7.0.33-0ubuntu0.16.04.14",
            "php7.0-gd": "7.0.33-0ubuntu0.16.04.14",
            "php7.0-odbc": "7.0.33-0ubuntu0.16.04.14",
            "libphp7.0-embed": "7.0.33-0ubuntu0.16.04.14",
            "php7.0-interbase": "7.0.33-0ubuntu0.16.04.14",
            "php7.0-recode": "7.0.33-0ubuntu0.16.04.14",
            "php7.0": "7.0.33-0ubuntu0.16.04.14",
            "libapache2-mod-php7.0": "7.0.33-0ubuntu0.16.04.14",
            "php7.0-imap": "7.0.33-0ubuntu0.16.04.14",
            "php7.0-snmp": "7.0.33-0ubuntu0.16.04.14",
            "php7.0-gmp": "7.0.33-0ubuntu0.16.04.14",
            "php7.0-ldap": "7.0.33-0ubuntu0.16.04.14",
            "php7.0-opcache": "7.0.33-0ubuntu0.16.04.14",
            "php7.0-pgsql": "7.0.33-0ubuntu0.16.04.14",
            "php7.0-curl": "7.0.33-0ubuntu0.16.04.14",
            "php7.0-json": "7.0.33-0ubuntu0.16.04.14",
            "php7.0-fpm": "7.0.33-0ubuntu0.16.04.14",
            "php7.0-xmlrpc": "7.0.33-0ubuntu0.16.04.14",
            "php7.0-xml": "7.0.33-0ubuntu0.16.04.14",
            "php7.0-dev": "7.0.33-0ubuntu0.16.04.14",
            "php7.0-tidy": "7.0.33-0ubuntu0.16.04.14",
            "php7.0-sqlite3": "7.0.33-0ubuntu0.16.04.14",
            "php7.0-mbstring": "7.0.33-0ubuntu0.16.04.14",
            "php7.0-cli": "7.0.33-0ubuntu0.16.04.14",
            "php7.0-bcmath": "7.0.33-0ubuntu0.16.04.14",
            "php7.0-bz2": "7.0.33-0ubuntu0.16.04.14",
            "php7.0-sybase": "7.0.33-0ubuntu0.16.04.14",
            "php7.0-common": "7.0.33-0ubuntu0.16.04.14",
            "php7.0-phpdbg": "7.0.33-0ubuntu0.16.04.14"
        }
    ]
}