Headline
Ubuntu Security Notice USN-5530-1
Ubuntu Security Notice 5530-1 - It was discovered that PHP incorrectly handled certain memory operations when obtaining file information. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.
==========================================================================Ubuntu Security Notice USN-5530-1July 25, 2022php8.1 vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTSSummary:PHP could be made to crash or run programs if it processed speciallycrafted data.Software Description:- php8.1: HTML-embedded scripting language interpreterDetails:It was discovered that PHP incorrectly handled certain memory operationswhen obtaining file information. A remote attacker could use this issue tocause PHP to crash, resulting in a denial of service, or possibly executearbitrary code.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS: libapache2-mod-php8.1 8.1.2-1ubuntu2.2 php8.1-cgi 8.1.2-1ubuntu2.2 php8.1-cli 8.1.2-1ubuntu2.2 php8.1-fpm 8.1.2-1ubuntu2.2 php8.1-mysql 8.1.2-1ubuntu2.2 php8.1-pgsql 8.1.2-1ubuntu2.2In general, a standard system update will make all the necessary changes.References: https://ubuntu.com/security/notices/USN-5530-1 CVE-2022-31627Package Information: https://launchpad.net/ubuntu/+source/php8.1/8.1.2-1ubuntu2.2
Related news
Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: E-Business Collections). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Demantra Demand Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
Gentoo Linux Security Advisory 202209-20 - Multiple vulnerabilities have been discovered in PHP, the worst of which could result in local root privilege escalation. Versions less than 7.4.30:7.4 are affected.
In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfo_buffer, due to incorrect patch applied to the third party code from libmagic, incorrect function may be used to free allocated memory, which may lead to heap corruption.