drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in PHP
Name: |
Ausführen beliebiger Kommandos in PHP |
|
ID: |
USN-5125-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 18.04 LTS, Ubuntu 14.04 ESM, Ubuntu 20.04 LTS, Ubuntu 21.04, Ubuntu 16.04 ESM, Ubuntu 21.10 |
|
Datum: |
Do, 28. Oktober 2021, 06:25 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21703 |
|
Applikationen: |
PHP |
|
Originalnachricht |
--===============8604855820069678713== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="SLDf9lqlvOQaIe6s" Content-Disposition: inline
--SLDf9lqlvOQaIe6s Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
========================================================================== Ubuntu Security Notice USN-5125-1 October 27, 2021
php5, php7.0, php7.2, php7.4, php8.0 vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.10 - Ubuntu 21.04 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 ESM - Ubuntu 14.04 ESM
Summary:
PHP-PFM in PHP could be made to run program as an administrator if it received specially crafted input.
Software Description: - php8.0: HTML-embedded scripting language interpreter - php7.4: HTML-embedded scripting language interpreter - php7.2: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter
Details:
It was discovered that PHP-FPM in PHP incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.10: php8.0-fpm 8.0.8-1ubuntu0.1
Ubuntu 21.04: php7.4-fpm 7.4.16-1ubuntu2.2
Ubuntu 20.04 LTS: php7.4-fpm 7.4.3-4ubuntu2.7
Ubuntu 18.04 LTS: php7.2-fpm 7.2.24-0ubuntu0.18.04.10
Ubuntu 16.04 ESM: php7.0-fpm 7.0.33-0ubuntu0.16.04.16+esm2
Ubuntu 14.04 ESM: php5-fpm 5.5.9+dfsg-1ubuntu4.29+esm15
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5125-1 CVE-2021-21703
Package Information: https://launchpad.net/ubuntu/+source/php8.0/8.0.8-1ubuntu0.1 https://launchpad.net/ubuntu/+source/php7.4/7.4.16-1ubuntu2.2 https://launchpad.net/ubuntu/+source/php7.4/7.4.3-4ubuntu2.7 https://launchpad.net/ubuntu/+source/php7.2/7.2.24-0ubuntu0.18.04.10
--SLDf9lqlvOQaIe6s Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAmF534wACgkQRbznW4QL H2nj/g//aDkcQ+6wd9WAPjlk8W0i2efR1FlxCNwFIE/VxJAO741j5xTqFIiYi8hX raHmtyBgFJUEV1PNIo22DOfyK0OlUlLD/C5flVdi2lUhJWYEGZ0JvBNK4+saX5nv YJdL1Jl3moPsjdIFxNN1szEN90YeGiTn9jkfzXrvMZSUUF79H6ZaxdGlGSUA0n6o afmW3b/IN3604G4cswKlsvqAGB1sm3i6FQeqvj4JWahhWwlWhCNWijFuD/+UqaGM OZHi9wX5okmIm987qGjS4G/9PihCucxMOml2aBWR5+B3PegZ5MdaLmgLUtYG0DrH Ii+vaHgTgYbNxDSGGEmT+9Yt0i/mxjuLhExQI/Awmx5MRkA7Qia3jerafX2GM/KW agRCHlpG/U4rc3uPzRqGM1LMMi1dw3s+XqpX5OoIXTwhAwgDYJxuydMUazyajyPU eOLca8OLnp8WGZgp+pblTNOwJhIKKP5EZbffRzj8UrD64bJIRYu/Z1ACJ9vCYmeR zmmbMxPaVoX/jFXFgl378GwY36tco0PeXcaP++Go+bQhsPKPTq42zckIqTIEriAR vQz/Z0RwmbTS+UpzlwUJsIhzhILjffo63z3fx9TIaTrt6UMcKRxxJLTc7mnUGdpW FPz2QJEpbCsXdA5ONMKXVrhGJgvI0lfBLpJ3c4dq3LXzzd3/lus= =OggZ -----END PGP SIGNATURE-----
--SLDf9lqlvOQaIe6s--
--===============8604855820069678713== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
|
|
|
|