
Security vulnerabilities in the php7.0 and php7.2 packages

  • OS details: WN7
  • Importance: IMP
  • Operating systems: L
  • Categories: LUB

==========================================================================
Ubuntu Security Notice USN-3953-1
April 23, 2019

php7.0, php7.2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 19.04
– Ubuntu 18.10
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in PHP.

Software Description:
– php7.2: HTML-embedded scripting language interpreter
– php7.0: HTML-embedded scripting language interpreter

Details:

It was discovered that PHP incorrectly handled certain exif tags in JPEG
images. A remote attacker could use this issue to cause PHP to crash,
resulting in a denial of service, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
libapache2-mod-php7.2 7.2.17-0ubuntu0.19.04.1
php7.2-cgi 7.2.17-0ubuntu0.19.04.1
php7.2-cli 7.2.17-0ubuntu0.19.04.1
php7.2-fpm 7.2.17-0ubuntu0.19.04.1

Ubuntu 18.10:
libapache2-mod-php7.2 7.2.17-0ubuntu0.18.10.1
php7.2-cgi 7.2.17-0ubuntu0.18.10.1
php7.2-cli 7.2.17-0ubuntu0.18.10.1
php7.2-fpm 7.2.17-0ubuntu0.18.10.1

Ubuntu 18.04 LTS:
libapache2-mod-php7.2 7.2.17-0ubuntu0.18.04.1
php7.2-cgi 7.2.17-0ubuntu0.18.04.1
php7.2-cli 7.2.17-0ubuntu0.18.04.1
php7.2-fpm 7.2.17-0ubuntu0.18.04.1

Ubuntu 16.04 LTS:
libapache2-mod-php7.0 7.0.33-0ubuntu0.16.04.4
php7.0-cgi 7.0.33-0ubuntu0.16.04.4
php7.0-cli 7.0.33-0ubuntu0.16.04.4
php7.0-fpm 7.0.33-0ubuntu0.16.04.4

In Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04, this update uses a new
upstream release, which includes additional bug fixes.

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3953-1
CVE-2019-11034, CVE-2019-11035

Package Information:
https://launchpad.net/ubuntu/+source/php7.2/7.2.17-0ubuntu0.19.04.1
https://launchpad.net/ubuntu/+source/php7.2/7.2.17-0ubuntu0.18.10.1
https://launchpad.net/ubuntu/+source/php7.2/7.2.17-0ubuntu0.18.04.1
https://launchpad.net/ubuntu/+source/php7.0/7.0.33-0ubuntu0.16.04.4


==========================================================================
Ubuntu Security Notice USN-3922-2
April 23, 2019

php5 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in PHP.

Software Description:
– php5: HTML-embedded scripting language interpreter

Details:

USN-3922-1 fixed vulnerabilities in PHP. This update provides the
corresponding update for Ubuntu 14.04 LTS.

It was discovered that PHP incorrectly handled certain files. An
attacker could possibly use this issue to access sensitive information.
(CVE-2019-9022)

It was discovered that PHP incorrectly handled certain files. An
attacker could possibly use this issue to execute arbitrary code.
(CVE-2019-9675)

Original advisory details:

 It was discovered that PHP incorrectly handled certain inputs. An
 attacker could possibly use this issue to expose sensitive
 information. (CVE-2019-9637, CVE-2019-9638, CVE-2019-9639,
 CVE-2019-9640, CVE-2019-9641)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
  libapache2-mod-php5             5.5.9+dfsg-1ubuntu4.29
  php5-cgi                        5.5.9+dfsg-1ubuntu4.29
  php5-cli                        5.5.9+dfsg-1ubuntu4.29
  php5-fpm                        5.5.9+dfsg-1ubuntu4.29
  php5-xmlrpc                     5.5.9+dfsg-1ubuntu4.29

In general, a standard system update will make all the necessary
changes.
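
An added example, not part of the Ubuntu notices or this page's own material: it checks a package inventory against the fixed versions listed in USN-3953-1 and USN-3922-2, using Debian version ordering implemented here instead of calling dpkg. The names `FIXED`, `deb_compare`, `unpatched` and `SAMPLE`, and the sample inventory itself, are assumptions of this example.

```python
import re
# Fixed versions copied from the two notices on this page, keyed by Ubuntu release.
_P72 = ("libapache2-mod-php7.2", "php7.2-cgi", "php7.2-cli", "php7.2-fpm")
_P70 = ("libapache2-mod-php7.0", "php7.0-cgi", "php7.0-cli", "php7.0-fpm")
_P5 = ("libapache2-mod-php5", "php5-cgi", "php5-cli", "php5-fpm", "php5-xmlrpc")
FIXED = {"19.04": (_P72, "7.2.17-0ubuntu0.19.04.1"),
         "18.10": (_P72, "7.2.17-0ubuntu0.18.10.1"),
         "18.04": (_P72, "7.2.17-0ubuntu0.18.04.1"),
         "16.04": (_P70, "7.0.33-0ubuntu0.16.04.4"),
         "14.04": (_P5, "5.5.9+dfsg-1ubuntu4.29")}

def _weight(c):
    # Non-digit ordering: '~' sorts first, then end of string (0), letters, others.
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Alternate non-digit runs (compared by weight) and digit runs (as integers).
    while a or b:
        na, nb = re.match(r"[^0-9]*", a).group(), re.match(r"[^0-9]*", b).group()
        a, b = a[len(na):], b[len(nb):]
        wa = [_weight(c) for c in na] + [0] * (len(nb) - len(na))
        wb = [_weight(c) for c in nb] + [0] * (len(na) - len(nb))
        if wa != wb:
            return -1 if wa < wb else 1
        da, db = re.match(r"[0-9]*", a).group(), re.match(r"[0-9]*", b).group()
        a, b = a[len(da):], b[len(db):]
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def deb_compare(a, b):
    # Return -1, 0 or 1 for a < b, a == b, a > b under Debian version ordering.
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, dash, rev = rest.rpartition("-")
        return int(epoch), (upstream if dash else rest), (rev if dash else "")
    (ea, ua, ra), (eb, ub, rb) = split(a), split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def unpatched(release, installed):
    # installed maps package -> version, e.g. parsed from the output of
    # dpkg-query -W -f='${Package} ${Version}\n'
    packages, fixed = FIXED[release]
    return sorted(p for p in packages
                  if p in installed and deb_compare(installed[p], fixed) < 0)

# Constructed sample inventory for an 18.04 host (not taken from the advisory).
SAMPLE = {"php7.2-cli": "7.2.15-0ubuntu0.18.04.2", "php7.2-fpm": "7.2.17-0ubuntu0.18.04.1"}
```

A plain string comparison would rank `1ubuntu4.9` above `1ubuntu4.29`; the digit-run handling in `_cmp_part` is what makes the 14.04 check come out right.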

References:
  https://usn.ubuntu.com/usn/usn-3922-2
  https://usn.ubuntu.com/usn/usn-3922-1
  CVE-2019-9022, CVE-2019-9637, CVE-2019-9638, CVE-2019-9639,
  CVE-2019-9640, CVE-2019-9641, CVE-2019-9675

Package Information:
  https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.29

Author: Zvonimir Bosnjak
CERT ID: NCERT-REF-2019-04-0001-ADV
CVE: CERT-CVE-DUMMY
Source ID: CERT-ORIGID-DUMMY
Product: CERT-DUMMY-PRODUCT
Source: Adobe