drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in PHP
Name: |
Ausführen beliebiger Kommandos in PHP |
|
ID: |
USN-5303-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 20.04 LTS, Ubuntu 21.10 |
|
Datum: |
Mo, 28. Februar 2022, 22:57 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21708 |
|
Applikationen: |
PHP |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============7144980527971300805== Content-Language: en-US Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------4eUy097dItyXO0BXYKN2dXnx"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------4eUy097dItyXO0BXYKN2dXnx Content-Type: multipart/mixed; boundary="------------IHAh1a3lZWWCZQua5O08Q3d5"; protected-headers="v1" From: Rodrigo Figueiredo Zaiden <rodrigo.zaiden@canonical.com> Reply-To: security@ubuntu.com To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <382f1aa6-d0ac-36da-a4d6-ab5aab7aa595@canonical.com> Subject: [USN-5303-1] PHP vulnerability
--------------IHAh1a3lZWWCZQua5O08Q3d5 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64
========================================================================== Ubuntu Security Notice USN-5303-1 February 28, 2022
php7.4, php8.0 vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.10 - Ubuntu 20.04 LTS
Summary:
PHP could be made to crash or run programs if it received specially crafted input.
Software Description: - php8.0: HTML-embedded scripting language interpreter - php7.4: HTML-embedded scripting language interpreter
Details:
It was discovered that PHP incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.10: php8.0-cgi 8.0.8-1ubuntu0.2 php8.0-cli 8.0.8-1ubuntu0.2 php8.0-fpm 8.0.8-1ubuntu0.2
Ubuntu 20.04 LTS: php7.4-cgi 7.4.3-4ubuntu2.9 php7.4-cli 7.4.3-4ubuntu2.9 php7.4-fpm 7.4.3-4ubuntu2.9
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5303-1 CVE-2021-21708
Package Information: https://launchpad.net/ubuntu/+source/php8.0/8.0.8-1ubuntu0.2 https://launchpad.net/ubuntu/+source/php7.4/7.4.3-4ubuntu2.9 p!խ?ee?e???<Cwy??2???"ܗ;@W`?vuy? ??z{Sʗ???bq?b?邛"?v????jg
|
|
|
|