USN-4583-1

See a problem?
Source
https://ubuntu.com/security/notices/USN-4583-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-4583-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-4583-1
Related
Published
2020-10-14T17:42:17.278964Z
Modified
2020-10-14T17:42:17.278964Z
Summary
php5, php7.0, php7.2, php7.4 vulnerabilities
Details

It was discovered that PHP incorrectly handled certain encrypt ciphers. An attacker could possibly use this issue to decrease security or cause incorrect encryption data. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-7069)

It was discorevered that PHP incorrectly handled certain HTTP cookies. An attacker could possibly use this issue to forge cookie which is supposed to be secure. (CVE-2020-7070)

References

Affected packages

Ubuntu:20.04:LTS / php7.4

Package

Name
php7.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.4.3-4ubuntu2.4

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "php7.4-cgi": "7.4.3-4ubuntu2.4",
            "php7.4-sqlite3": "7.4.3-4ubuntu2.4",
            "php7.4-interbase": "7.4.3-4ubuntu2.4",
            "php7.4-intl": "7.4.3-4ubuntu2.4",
            "php7.4-mysql": "7.4.3-4ubuntu2.4",
            "php7.4-dba": "7.4.3-4ubuntu2.4",
            "php7.4-xsl": "7.4.3-4ubuntu2.4",
            "php7.4-gd": "7.4.3-4ubuntu2.4",
            "php7.4-curl": "7.4.3-4ubuntu2.4",
            "php7.4-bz2": "7.4.3-4ubuntu2.4",
            "php7.4-gmp": "7.4.3-4ubuntu2.4",
            "libphp7.4-embed": "7.4.3-4ubuntu2.4",
            "php7.4-tidy": "7.4.3-4ubuntu2.4",
            "php7.4-dev": "7.4.3-4ubuntu2.4",
            "php7.4-snmp": "7.4.3-4ubuntu2.4",
            "php7.4-phpdbg": "7.4.3-4ubuntu2.4",
            "php7.4-imap": "7.4.3-4ubuntu2.4",
            "php7.4-pgsql": "7.4.3-4ubuntu2.4",
            "php7.4": "7.4.3-4ubuntu2.4",
            "php7.4-odbc": "7.4.3-4ubuntu2.4",
            "php7.4-bcmath": "7.4.3-4ubuntu2.4",
            "php7.4-mbstring": "7.4.3-4ubuntu2.4",
            "php7.4-pspell": "7.4.3-4ubuntu2.4",
            "php7.4-json": "7.4.3-4ubuntu2.4",
            "php7.4-xml": "7.4.3-4ubuntu2.4",
            "php7.4-enchant": "7.4.3-4ubuntu2.4",
            "php7.4-opcache": "7.4.3-4ubuntu2.4",
            "php7.4-sybase": "7.4.3-4ubuntu2.4",
            "php7.4-ldap": "7.4.3-4ubuntu2.4",
            "php7.4-zip": "7.4.3-4ubuntu2.4",
            "php7.4-fpm": "7.4.3-4ubuntu2.4",
            "libapache2-mod-php7.4": "7.4.3-4ubuntu2.4",
            "php7.4-readline": "7.4.3-4ubuntu2.4",
            "php7.4-common": "7.4.3-4ubuntu2.4",
            "php7.4-cli": "7.4.3-4ubuntu2.4",
            "php7.4-soap": "7.4.3-4ubuntu2.4",
            "php7.4-xmlrpc": "7.4.3-4ubuntu2.4"
        }
    ]
}

Ubuntu:Pro:14.04:LTS / php5

Package

Name
php5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.5.9+dfsg-1ubuntu4.29+esm13

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "php5-gd": "5.5.9+dfsg-1ubuntu4.29+esm13",
            "libphp5-embed": "5.5.9+dfsg-1ubuntu4.29+esm13",
            "php5-mysqlnd": "5.5.9+dfsg-1ubuntu4.29+esm13",
            "php-pear": "5.5.9+dfsg-1ubuntu4.29+esm13",
            "php5-cli": "5.5.9+dfsg-1ubuntu4.29+esm13",
            "php5-fpm": "5.5.9+dfsg-1ubuntu4.29+esm13",
            "php5-pspell": "5.5.9+dfsg-1ubuntu4.29+esm13",
            "php5-mysql": "5.5.9+dfsg-1ubuntu4.29+esm13",
            "php5-curl": "5.5.9+dfsg-1ubuntu4.29+esm13",
            "php5-ldap": "5.5.9+dfsg-1ubuntu4.29+esm13",
            "php5-pgsql": "5.5.9+dfsg-1ubuntu4.29+esm13",
            "php5-xsl": "5.5.9+dfsg-1ubuntu4.29+esm13",
            "php5-readline": "5.5.9+dfsg-1ubuntu4.29+esm13",
            "php5-enchant": "5.5.9+dfsg-1ubuntu4.29+esm13",
            "php5-common": "5.5.9+dfsg-1ubuntu4.29+esm13",
            "php5-dev": "5.5.9+dfsg-1ubuntu4.29+esm13",
            "libapache2-mod-php5filter": "5.5.9+dfsg-1ubuntu4.29+esm13",
            "php5": "5.5.9+dfsg-1ubuntu4.29+esm13",
            "php5-sybase": "5.5.9+dfsg-1ubuntu4.29+esm13",
            "php5-gmp": "5.5.9+dfsg-1ubuntu4.29+esm13",
            "php5-odbc": "5.5.9+dfsg-1ubuntu4.29+esm13",
            "php5-cgi": "5.5.9+dfsg-1ubuntu4.29+esm13",
            "php5-recode": "5.5.9+dfsg-1ubuntu4.29+esm13",
            "libapache2-mod-php5": "5.5.9+dfsg-1ubuntu4.29+esm13",
            "php5-sqlite": "5.5.9+dfsg-1ubuntu4.29+esm13",
            "php5-snmp": "5.5.9+dfsg-1ubuntu4.29+esm13",
            "php5-intl": "5.5.9+dfsg-1ubuntu4.29+esm13",
            "php5-xmlrpc": "5.5.9+dfsg-1ubuntu4.29+esm13",
            "php5-tidy": "5.5.9+dfsg-1ubuntu4.29+esm13"
        }
    ]
}

Ubuntu:18.04:LTS / php7.2

Package

Name
php7.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.2.24-0ubuntu0.18.04.7

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "php7.2-ldap": "7.2.24-0ubuntu0.18.04.7",
            "php7.2-mbstring": "7.2.24-0ubuntu0.18.04.7",
            "libapache2-mod-php7.2": "7.2.24-0ubuntu0.18.04.7",
            "php7.2-opcache": "7.2.24-0ubuntu0.18.04.7",
            "php7.2-intl": "7.2.24-0ubuntu0.18.04.7",
            "php7.2-bz2": "7.2.24-0ubuntu0.18.04.7",
            "php7.2-gmp": "7.2.24-0ubuntu0.18.04.7",
            "php7.2-sybase": "7.2.24-0ubuntu0.18.04.7",
            "php7.2-bcmath": "7.2.24-0ubuntu0.18.04.7",
            "php7.2-odbc": "7.2.24-0ubuntu0.18.04.7",
            "php7.2-snmp": "7.2.24-0ubuntu0.18.04.7",
            "php7.2-pgsql": "7.2.24-0ubuntu0.18.04.7",
            "php7.2-recode": "7.2.24-0ubuntu0.18.04.7",
            "php7.2-phpdbg": "7.2.24-0ubuntu0.18.04.7",
            "php7.2-interbase": "7.2.24-0ubuntu0.18.04.7",
            "php7.2-cgi": "7.2.24-0ubuntu0.18.04.7",
            "php7.2-sqlite3": "7.2.24-0ubuntu0.18.04.7",
            "php7.2-tidy": "7.2.24-0ubuntu0.18.04.7",
            "php7.2-json": "7.2.24-0ubuntu0.18.04.7",
            "php7.2-xmlrpc": "7.2.24-0ubuntu0.18.04.7",
            "php7.2-fpm": "7.2.24-0ubuntu0.18.04.7",
            "php7.2-curl": "7.2.24-0ubuntu0.18.04.7",
            "php7.2-cli": "7.2.24-0ubuntu0.18.04.7",
            "php7.2": "7.2.24-0ubuntu0.18.04.7",
            "php7.2-xsl": "7.2.24-0ubuntu0.18.04.7",
            "php7.2-zip": "7.2.24-0ubuntu0.18.04.7",
            "php7.2-xml": "7.2.24-0ubuntu0.18.04.7",
            "php7.2-common": "7.2.24-0ubuntu0.18.04.7",
            "php7.2-dba": "7.2.24-0ubuntu0.18.04.7",
            "php7.2-readline": "7.2.24-0ubuntu0.18.04.7",
            "php7.2-mysql": "7.2.24-0ubuntu0.18.04.7",
            "php7.2-imap": "7.2.24-0ubuntu0.18.04.7",
            "php7.2-enchant": "7.2.24-0ubuntu0.18.04.7",
            "libphp7.2-embed": "7.2.24-0ubuntu0.18.04.7",
            "php7.2-gd": "7.2.24-0ubuntu0.18.04.7",
            "php7.2-pspell": "7.2.24-0ubuntu0.18.04.7",
            "php7.2-soap": "7.2.24-0ubuntu0.18.04.7",
            "php7.2-dev": "7.2.24-0ubuntu0.18.04.7"
        }
    ]
}

Ubuntu:16.04:LTS / php7.0

Package

Name
php7.0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.0.33-0ubuntu0.16.04.16

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "php7.0-cgi": "7.0.33-0ubuntu0.16.04.16",
            "php7.0-pspell": "7.0.33-0ubuntu0.16.04.16",
            "php7.0-enchant": "7.0.33-0ubuntu0.16.04.16",
            "php7.0-xsl": "7.0.33-0ubuntu0.16.04.16",
            "php7.0-readline": "7.0.33-0ubuntu0.16.04.16",
            "php7.0-mysql": "7.0.33-0ubuntu0.16.04.16",
            "php7.0-dba": "7.0.33-0ubuntu0.16.04.16",
            "php7.0-intl": "7.0.33-0ubuntu0.16.04.16",
            "php7.0-zip": "7.0.33-0ubuntu0.16.04.16",
            "php7.0-soap": "7.0.33-0ubuntu0.16.04.16",
            "php7.0-mcrypt": "7.0.33-0ubuntu0.16.04.16",
            "php7.0-gd": "7.0.33-0ubuntu0.16.04.16",
            "php7.0-odbc": "7.0.33-0ubuntu0.16.04.16",
            "libphp7.0-embed": "7.0.33-0ubuntu0.16.04.16",
            "php7.0-interbase": "7.0.33-0ubuntu0.16.04.16",
            "php7.0-recode": "7.0.33-0ubuntu0.16.04.16",
            "php7.0": "7.0.33-0ubuntu0.16.04.16",
            "libapache2-mod-php7.0": "7.0.33-0ubuntu0.16.04.16",
            "php7.0-imap": "7.0.33-0ubuntu0.16.04.16",
            "php7.0-snmp": "7.0.33-0ubuntu0.16.04.16",
            "php7.0-gmp": "7.0.33-0ubuntu0.16.04.16",
            "php7.0-ldap": "7.0.33-0ubuntu0.16.04.16",
            "php7.0-opcache": "7.0.33-0ubuntu0.16.04.16",
            "php7.0-pgsql": "7.0.33-0ubuntu0.16.04.16",
            "php7.0-curl": "7.0.33-0ubuntu0.16.04.16",
            "php7.0-json": "7.0.33-0ubuntu0.16.04.16",
            "php7.0-fpm": "7.0.33-0ubuntu0.16.04.16",
            "php7.0-xmlrpc": "7.0.33-0ubuntu0.16.04.16",
            "php7.0-xml": "7.0.33-0ubuntu0.16.04.16",
            "php7.0-dev": "7.0.33-0ubuntu0.16.04.16",
            "php7.0-tidy": "7.0.33-0ubuntu0.16.04.16",
            "php7.0-sqlite3": "7.0.33-0ubuntu0.16.04.16",
            "php7.0-mbstring": "7.0.33-0ubuntu0.16.04.16",
            "php7.0-cli": "7.0.33-0ubuntu0.16.04.16",
            "php7.0-bcmath": "7.0.33-0ubuntu0.16.04.16",
            "php7.0-bz2": "7.0.33-0ubuntu0.16.04.16",
            "php7.0-sybase": "7.0.33-0ubuntu0.16.04.16",
            "php7.0-common": "7.0.33-0ubuntu0.16.04.16",
            "php7.0-phpdbg": "7.0.33-0ubuntu0.16.04.16"
        }
    ]
}