Sicherheit: Ausführen beliebiger Kommandos in PHP

Lesezeichen hinzufügen

--===============8604855820069678713==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="SLDf9lqlvOQaIe6s"
Content-Disposition: inline

--SLDf9lqlvOQaIe6s
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================================
Ubuntu Security Notice USN-5125-1
October 27, 2021

php5, php7.0, php7.2, php7.4, php8.0 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 21.10
- Ubuntu 21.04
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary:

PHP-PFM in PHP could be made to run program as an administrator
if it received specially crafted input.

Software Description:
- php8.0: HTML-embedded scripting language interpreter
- php7.4: HTML-embedded scripting language interpreter
- php7.2: HTML-embedded scripting language interpreter
- php7.0: HTML-embedded scripting language interpreter
- php5: HTML-embedded scripting language interpreter

Details:

It was discovered that PHP-FPM in PHP incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.10:
php8.0-fpm 8.0.8-1ubuntu0.1

Ubuntu 21.04:
php7.4-fpm 7.4.16-1ubuntu2.2

Ubuntu 20.04 LTS:
php7.4-fpm 7.4.3-4ubuntu2.7

Ubuntu 18.04 LTS:
php7.2-fpm 7.2.24-0ubuntu0.18.04.10

Ubuntu 16.04 ESM:
php7.0-fpm 7.0.33-0ubuntu0.16.04.16+esm2

Ubuntu 14.04 ESM:
php5-fpm 5.5.9+dfsg-1ubuntu4.29+esm15

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5125-1
CVE-2021-21703

Package Information:
https://launchpad.net/ubuntu/+source/php8.0/8.0.8-1ubuntu0.1
https://launchpad.net/ubuntu/+source/php7.4/7.4.16-1ubuntu2.2
https://launchpad.net/ubuntu/+source/php7.4/7.4.3-4ubuntu2.7
https://launchpad.net/ubuntu/+source/php7.2/7.2.24-0ubuntu0.18.04.10

--SLDf9lqlvOQaIe6s
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAmF534wACgkQRbznW4QL
H2nj/g//aDkcQ+6wd9WAPjlk8W0i2efR1FlxCNwFIE/VxJAO741j5xTqFIiYi8hX
raHmtyBgFJUEV1PNIo22DOfyK0OlUlLD/C5flVdi2lUhJWYEGZ0JvBNK4+saX5nv
YJdL1Jl3moPsjdIFxNN1szEN90YeGiTn9jkfzXrvMZSUUF79H6ZaxdGlGSUA0n6o
afmW3b/IN3604G4cswKlsvqAGB1sm3i6FQeqvj4JWahhWwlWhCNWijFuD/+UqaGM
OZHi9wX5okmIm987qGjS4G/9PihCucxMOml2aBWR5+B3PegZ5MdaLmgLUtYG0DrH
Ii+vaHgTgYbNxDSGGEmT+9Yt0i/mxjuLhExQI/Awmx5MRkA7Qia3jerafX2GM/KW
agRCHlpG/U4rc3uPzRqGM1LMMi1dw3s+XqpX5OoIXTwhAwgDYJxuydMUazyajyPU
eOLca8OLnp8WGZgp+pblTNOwJhIKKP5EZbffRzj8UrD64bJIRYu/Z1ACJ9vCYmeR
zmmbMxPaVoX/jFXFgl378GwY36tco0PeXcaP++Go+bQhsPKPTq42zckIqTIEriAR
vQz/Z0RwmbTS+UpzlwUJsIhzhILjffo63z3fx9TIaTrt6UMcKRxxJLTc7mnUGdpW
FPz2QJEpbCsXdA5ONMKXVrhGJgvI0lfBLpJ3c4dq3LXzzd3/lus=
=OggZ
-----END PGP SIGNATURE-----

--SLDf9lqlvOQaIe6s--

--===============8604855820069678713==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce