drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in PHP
| Name: |
Ausführen beliebiger Kommandos in PHP |
|
| ID: |
USN-5303-1 |
|
| Distribution: |
Ubuntu |
|
| Plattformen: |
Ubuntu 20.04 LTS, Ubuntu 21.10 |
|
| Datum: |
Mo, 28. Februar 2022, 22:57 |
|
| Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21708 |
|
| Applikationen: |
PHP |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============7144980527971300805==
Content-Language: en-US
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature";
boundary="------------4eUy097dItyXO0BXYKN2dXnx"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------4eUy097dItyXO0BXYKN2dXnx
Content-Type: multipart/mixed;
boundary="------------IHAh1a3lZWWCZQua5O08Q3d5";
protected-headers="v1"
From: Rodrigo Figueiredo Zaiden <rodrigo.zaiden@canonical.com>
Reply-To: security@ubuntu.com
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <382f1aa6-d0ac-36da-a4d6-ab5aab7aa595@canonical.com>
Subject: [USN-5303-1] PHP vulnerability
--------------IHAh1a3lZWWCZQua5O08Q3d5
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64
==========================================================================
Ubuntu Security Notice USN-5303-1
February 28, 2022
php7.4, php8.0 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.10
- Ubuntu 20.04 LTS
Summary:
PHP could be made to crash or run programs if it received specially crafted
input.
Software Description:
- php8.0: HTML-embedded scripting language interpreter
- php7.4: HTML-embedded scripting language interpreter
Details:
It was discovered that PHP incorrectly handled certain scripts.
An attacker could possibly use this issue to cause a denial of service,
or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 21.10:
php8.0-cgi 8.0.8-1ubuntu0.2
php8.0-cli 8.0.8-1ubuntu0.2
php8.0-fpm 8.0.8-1ubuntu0.2
Ubuntu 20.04 LTS:
php7.4-cgi 7.4.3-4ubuntu2.9
php7.4-cli 7.4.3-4ubuntu2.9
php7.4-fpm 7.4.3-4ubuntu2.9
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5303-1
CVE-2021-21708
Package Information:
https://launchpad.net/ubuntu/+source/php8.0/8.0.8-1ubuntu0.2
https://launchpad.net/ubuntu/+source/php7.4/7.4.3-4ubuntu2.9
p!խ?ee?e�???<Cwy??2???"ܗ;@W`?vuy?
??z{Sʗ???bq?b?邛"?v????jg
|
|
|
|
