Release Info

Advisory: CLSA-2023:1677784124

OS: Ubuntu 16.04 ELS

Public date: 2023-03-02 00:00:00

Project: php

Version: 7.0.33-0ubuntu0.16.04.17+tuxcare.els4

Errata link: https://errata.tuxcare.com/els_os/ubuntu16.04els/CLSA-2023-1677784124.html

Changelog

* SECURITY UPDATE: Invalid validation of BCrypt hashes - debian/patches/CVE-2023-0567.patch: Remove "PHP Hack" to fix validation of malformed BCrypt hashes - CVE-2023-0567 * SECURITY UPDATE: Unauthorized data access or modification - debian/patches/CVE-2023-0568.patch: Fix array overrun when appending slash to paths - CVE-2023-0568 * SECURITY UPDATE: DoS vulnerability when parsing multipart request body - debian/patches/CVE-2023-0662.patch: Introduce max_multipart_body_parts INI and fix repeated warning for file uploads limit exciding - CVE-2023-0662

Update

Update command: apt-get update apt-get --only-upgrade install php*

Packages list

libapache2-mod-php7.0_7.0.33-0ubuntu0.16.04.17+tuxcare.els4_amd64.deb libphp7.0-embed_7.0.33-0ubuntu0.16.04.17+tuxcare.els4_amd64.deb php7.0_7.0.33-0ubuntu0.16.04.17+tuxcare.els4_all.deb php7.0-bcmath_7.0.33-0ubuntu0.16.04.17+tuxcare.els4_amd64.deb php7.0-bz2_7.0.33-0ubuntu0.16.04.17+tuxcare.els4_amd64.deb php7.0-cgi_7.0.33-0ubuntu0.16.04.17+tuxcare.els4_amd64.deb php7.0-cli_7.0.33-0ubuntu0.16.04.17+tuxcare.els4_amd64.deb php7.0-common_7.0.33-0ubuntu0.16.04.17+tuxcare.els4_amd64.deb php7.0-curl_7.0.33-0ubuntu0.16.04.17+tuxcare.els4_amd64.deb php7.0-dba_7.0.33-0ubuntu0.16.04.17+tuxcare.els4_amd64.deb php7.0-dev_7.0.33-0ubuntu0.16.04.17+tuxcare.els4_amd64.deb php7.0-enchant_7.0.33-0ubuntu0.16.04.17+tuxcare.els4_amd64.deb php7.0-fpm_7.0.33-0ubuntu0.16.04.17+tuxcare.els4_amd64.deb php7.0-gd_7.0.33-0ubuntu0.16.04.17+tuxcare.els4_amd64.deb php7.0-gmp_7.0.33-0ubuntu0.16.04.17+tuxcare.els4_amd64.deb php7.0-imap_7.0.33-0ubuntu0.16.04.17+tuxcare.els4_amd64.deb php7.0-interbase_7.0.33-0ubuntu0.16.04.17+tuxcare.els4_amd64.deb php7.0-intl_7.0.33-0ubuntu0.16.04.17+tuxcare.els4_amd64.deb php7.0-json_7.0.33-0ubuntu0.16.04.17+tuxcare.els4_amd64.deb php7.0-ldap_7.0.33-0ubuntu0.16.04.17+tuxcare.els4_amd64.deb php7.0-mbstring_7.0.33-0ubuntu0.16.04.17+tuxcare.els4_amd64.deb php7.0-mcrypt_7.0.33-0ubuntu0.16.04.17+tuxcare.els4_amd64.deb php7.0-mysql_7.0.33-0ubuntu0.16.04.17+tuxcare.els4_amd64.deb php7.0-odbc_7.0.33-0ubuntu0.16.04.17+tuxcare.els4_amd64.deb php7.0-opcache_7.0.33-0ubuntu0.16.04.17+tuxcare.els4_amd64.deb php7.0-pgsql_7.0.33-0ubuntu0.16.04.17+tuxcare.els4_amd64.deb php7.0-phpdbg_7.0.33-0ubuntu0.16.04.17+tuxcare.els4_amd64.deb php7.0-pspell_7.0.33-0ubuntu0.16.04.17+tuxcare.els4_amd64.deb php7.0-readline_7.0.33-0ubuntu0.16.04.17+tuxcare.els4_amd64.deb php7.0-recode_7.0.33-0ubuntu0.16.04.17+tuxcare.els4_amd64.deb php7.0-snmp_7.0.33-0ubuntu0.16.04.17+tuxcare.els4_amd64.deb php7.0-soap_7.0.33-0ubuntu0.16.04.17+tuxcare.els4_amd64.deb php7.0-sqlite3_7.0.33-0ubuntu0.16.04.17+tuxcare.els4_amd64.deb php7.0-sybase_7.0.33-0ubuntu0.16.04.17+tuxcare.els4_amd64.deb php7.0-tidy_7.0.33-0ubuntu0.16.04.17+tuxcare.els4_amd64.deb php7.0-xml_7.0.33-0ubuntu0.16.04.17+tuxcare.els4_amd64.deb php7.0-xmlrpc_7.0.33-0ubuntu0.16.04.17+tuxcare.els4_amd64.deb php7.0-xsl_7.0.33-0ubuntu0.16.04.17+tuxcare.els4_all.deb php7.0-zip_7.0.33-0ubuntu0.16.04.17+tuxcare.els4_amd64.deb

CVEs

CVE-2023-0568
CVE-2023-0662
CVE-2023-0567