Lucene search
UbuntuUSN-6757-1HistoryApr 29, 2024 - 12:00 a.m.
PHP vulnerabilities
2024-04-2900:00:00
ubuntu.com
12
ubuntu lts
php versions
vulnerability
cookies
account takeover
cve-2022-4900
cve-2024-2756
cve-2024-3096
security advisory
Releases
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 ESM
- Ubuntu 16.04 ESM
Packages
- php7.0 - HTML-embedded scripting language interpreter
- php7.2 - HTML-embedded scripting language interpreter
- php7.4 - HTML-embedded scripting language interpreter
- php8.1 - HTML-embedded scripting language interpreter
Details
It was discovered that PHP incorrectly handled PHP_CLI_SERVER_WORKERS variable.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code. This issue only affected Ubuntu 20.04 LTS, and
Ubuntu 22.04 LTS. (CVE-2022-4900)
It was discovered that PHP incorrectly handled certain cookies.
An attacker could possibly use this issue to cookie by pass.
(CVE-2024-2756)
It was discovered that PHP incorrectly handled some passwords.
An attacker could possibly use this issue to cause an account takeover
attack. (CVE-2024-3096)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 22.04 | noarch | libapache2-mod-php8.1 | < 8.1.2-1ubuntu2.16 | UNKNOWN |
| Ubuntu | 22.04 | noarch | libapache2-mod-php7.4 | < 8.1.2-1ubuntu2.16 | UNKNOWN |
| Ubuntu | 22.04 | noarch | libapache2-mod-php8.0 | < 8.1.2-1ubuntu2.16 | UNKNOWN |
| Ubuntu | 22.04 | noarch | libapache2-mod-php8.1-dbgsym | < 8.1.2-1ubuntu2.16 | UNKNOWN |
| Ubuntu | 22.04 | noarch | libphp8.1-embed | < 8.1.2-1ubuntu2.16 | UNKNOWN |
| Ubuntu | 22.04 | noarch | libphp8.1-embed-dbgsym | < 8.1.2-1ubuntu2.16 | UNKNOWN |
| Ubuntu | 22.04 | noarch | php8.1 | < 8.1.2-1ubuntu2.16 | UNKNOWN |
| Ubuntu | 22.04 | noarch | php8.1-bcmath | < 8.1.2-1ubuntu2.16 | UNKNOWN |
| Ubuntu | 22.04 | noarch | php8.1-bcmath-dbgsym | < 8.1.2-1ubuntu2.16 | UNKNOWN |
| Ubuntu | 22.04 | noarch | php8.1-bz2 | < 8.1.2-1ubuntu2.16 | UNKNOWN |
Related
osv
osv
php7.0, php7.2, php7.4, php8.1 vulnerabilities
2024-04-29 14:19:01
php7.4, php8.1, php8.2 vulnerabilities
2024-05-02 15:57:55
php7.3 - security update
2024-05-07 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6757-1)
2024-04-30 00:00:00
Ubuntu: Security Advisory (USN-6757-2)
2024-05-03 00:00:00
Debian: Security Advisory (DLA-3810-1)
2024-05-08 00:00:00
ubuntu
ubuntu
PHP vulnerabilities
2024-05-02 00:00:00
nessus
nessus
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : PHP vulnerabilities (USN-6757-1)
2024-04-29 00:00:00
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : PHP vulnerabilities (USN-6757-2)
2024-05-02 00:00:00
Debian dla-3810 : libapache2-mod-php7.3 - security update
2024-05-08 00:00:00
debian
debian
[SECURITY] [DLA 3810-1] php7.3 security update
2024-05-07 23:31:06
[SECURITY] [DSA 5660-1] php7.4 security update
2024-04-15 19:25:52
[SECURITY] [DSA 5661-1] php8.2 security update
2024-04-15 19:27:08
mageia
mageia
Updated php packages fix security vulnerabilities
2024-04-13 19:56:38
fedora
fedora
[SECURITY] Fedora 39 Update: php-8.2.18-1.fc39
2024-04-19 01:18:35
[SECURITY] Fedora 38 Update: php-8.2.18-1.fc38
2024-04-19 02:53:20
[SECURITY] Fedora 40 Update: php-8.3.6-1.fc40
2024-04-19 21:43:53
slackware
slackware
[slackware-security] php
2024-04-12 19:36:41
cvelist
cvelist
cbl_mariner
cbl_mariner
CVE-2024-3096 affecting package php for versions less than 8.3.4-1
2024-05-17 21:38:35
CVE-2024-3096 affecting package php for versions less than 8.1.28-1
2024-05-06 17:48:02
CVE-2024-2756 affecting package php for versions less than 8.1.28-1
2024-05-06 17:48:02
ubuntucve
ubuntucve
redhatcve
redhatcve
alpinelinux
alpinelinux
CVE-2024-3096
2024-04-29 04:15:08
CVE-2024-2756
2024-04-29 04:15:07
debiancve
debiancve
cve
cve
prion
prion
Heap overflow
2023-11-02 16:15:00
freebsd
freebsd
php -- Multiple vulnerabilities
2024-04-11 00:00:00
cloudlinux
cloudlinux
php: Fix of 2 CVEs
2024-05-09 18:56:08
redhat
redhat
(RHSA-2023:0848) Moderate: php:8.0 security update
2023-02-21 08:48:54
ics
ics
Siemens SCALANCE XCM-/XRM-300
2024-02-15 12:00:00