This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============7536871086438687100==
Content-Language: en-US
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature";
 boundary="------------j3srODP3YaDFyU0i3Yrcr7xy"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------j3srODP3YaDFyU0i3Yrcr7xy
Content-Type: multipart/mixed;
 boundary="------------me82MNdeRpPMXTnNwsIRQ3ez";
 protected-headers="v1"
From: Ian Constantin <ian.constantin@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <0a9cfb04-b049-456a-b933-c8da13dfe9a2@canonical.com>
Subject: [USN-7049-3] PHP vulnerabilities

--------------me82MNdeRpPMXTnNwsIRQ3ez
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64

==========================================================================
Ubuntu Security Notice USN-7049-3
February 26, 2025

php5 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in PHP.

Software Description:
- php5: HTML-embedded scripting language interpreter

Details:

USN-7049-1 fixed vulnerabilities in PHP. This update
provides the corresponding updates for Ubuntu 14.04 LTS.

Original advisory details:

  It was discovered that PHP incorrectly handled parsing multipart form
  data.A remote attacker could possibly use this issue to inject payloads
  and cause PHP to ignore legitimate data. (CVE-2024-8925)

  It was discovered that PHP incorrectly handled the cgi.force_redirect
  configuration option due to environment variable collisions. In certain
  configurations, an attacker could possibly use this issue bypass
  force_redirect restrictions. (CVE-2024-8927)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS
   libapache2-mod-php5             5.5.9+dfsg-1ubuntu4.29+esm16
                                   Available with Ubuntu Pro
   php5                            5.5.9+dfsg-1ubuntu4.29+esm16
                                   Available with Ubuntu Pro
   php5-cgi                        5.5.9+dfsg-1ubuntu4.29+esm16
                                   Available with Ubuntu Pro
   php5-cli                        5.5.9+dfsg-1ubuntu4.29+esm16
                                   Available with Ubuntu Pro
   php5-fpm                        5.5.9+dfsg-1ubuntu4.29+esm16
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-7049-3
   https://ubuntu.com/security/notices/USN-7049-2
   https://ubuntu.com/security/notices/USN-7049-1
   CVE-2024-8925, CVE-2024-8927

--------------me82MNdeRpPMXTnNwsIRQ3ez--

--------------j3srODP3YaDFyU0i3Yrcr7xy
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature.asc"

-----BEGIN PGP SIGNATURE-----

wsD5BAABCAAjFiEEcxdv4gCCE8W9nrt5a1+PL+d1/EgFAmfAJ/0FAwAAAAAACgkQa1+PL+d1/Ej+
oQwAkZtYXyKKC/TUXFwkkxKmeX7vPIZjK6QsLvAh22tfQRwKzJzEWBuxU9jr8gTQ9SDISKmKzJFd
aXrC1OKGKgHI01QLkG+wPiVECQ2S9+MxWDPlpJTBaQ7gyk37XdKKm4L6WCtrmIvI0ibIdm6z5o4j
qMtn4pMSgbT88NbwzqmzuQy60njmU1+CjRg3LKnOMH+c3z4WQsPw/v4SmArsBc8tBbKE8gdGghOV
LCFa7T/LhfviETqgDfg9FHro1YJWUYND+t9gu9dE+Pc46M2DTVfOcwfnNgf4h3pZoJlwAQOBqctv
58im4aB1+qbue00Vqn0FJgq6vMS7WGOti6h8nkbKp2vUNpOAvoikoo2F4rM0pbRzVS8fd9rba9z1
/EUQK8lFazzk/w9tRy4NbzucVMPsJ/W2+lNz41kBbObiZtC1gCDIvgYD4V+0O925OcwX8dGuUwiJ
qOOWRPJCo9KDN8tLo0lOVRwlBahA2f6C2kZij2wEYyTinci7bEMmHl3ldgh7
=l06m
-----END PGP SIGNATURE-----

--------------j3srODP3YaDFyU0i3Yrcr7xy--


--===============7536871086438687100==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

Cg==

--===============7536871086438687100==--