USN-3922-1: PHP vulnerabilities

Releases

• Ubuntu 18.10
• Ubuntu 18.04 ESM
• Ubuntu 16.04 ESM

Packages

• php7.0 - HTML-embedded scripting language interpreter
• php7.2 - HTML-embedded scripting language interpreter

Details

It was discovered that PHP incorrectly handled certain inputs. An attacker
could possibly use this issue to expose sensitive information. (CVE-2019-9637,
CVE-2019-9638, CVE-2019-9639, CVE-2019-9640, CVE-2019-9641)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10

• libapache2-mod-php7.2 - 7.2.15-0ubuntu0.18.10.2
• php7.2-cgi - 7.2.15-0ubuntu0.18.10.2
• php7.2-cli - 7.2.15-0ubuntu0.18.10.2
• php7.2-fpm - 7.2.15-0ubuntu0.18.10.2

Ubuntu 18.04

• libapache2-mod-php7.2 - 7.2.15-0ubuntu0.18.04.2
• php7.2-cgi - 7.2.15-0ubuntu0.18.04.2
• php7.2-cli - 7.2.15-0ubuntu0.18.04.2
• php7.2-fpm - 7.2.15-0ubuntu0.18.04.2

Ubuntu 16.04

• libapache2-mod-php7.0 - 7.0.33-0ubuntu0.16.04.3
• php7.0-cgi - 7.0.33-0ubuntu0.16.04.3
• php7.0-cli - 7.0.33-0ubuntu0.16.04.3
• php7.0-fpm - 7.0.33-0ubuntu0.16.04.3

In general, a standard system update will make all the necessary changes.

References

• CVE-2019-9637
• CVE-2019-9638
• CVE-2019-9639
• CVE-2019-9640
• CVE-2019-9641

Related notices

• USN-3922-2
• USN-3922-3