Ubuntu 6586 Published by

The following two security updates are available for Ubuntu Linux:

[USN-6839-1] MariaDB vulnerability
[USN-6841-1] PHP vulnerability




[USN-6839-1] MariaDB vulnerability


=========================================================================
Ubuntu Security Notice USN-6839-1
June 19, 2024

mariadb, mariadb-10.6 vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 23.10
- Ubuntu 22.04 LTS

Summary:

A security issue was fixed in MariaDB

Software Description:
- mariadb: MariaDB database
- mariadb-10.6: MariaDB database

Details:

A security issue was discovered in MariaDB and this update includes
new upstream MariaDB versions to fix the issue.

MariaDB has been updated to 10.6.18 in Ubuntu 22.04 LTS and to 10.11.8 in
Ubuntu 23.10 and Ubuntu 24.04 LTS.

In addition to security fixes, the updated packages contain bug fixes,
new features, and possibly incompatible changes.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
mariadb-server 1:10.11.8-0ubuntu0.24.04.1

Ubuntu 23.10
mariadb-server 1:10.11.8-0ubuntu0.23.10.1

Ubuntu 22.04 LTS
mariadb-server 1:10.6.18-0ubuntu0.22.04.1

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart MariaDB to
make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6839-1
CVE-2024-21096

Package Information:
https://launchpad.net/ubuntu/+source/mariadb/1:10.11.8-0ubuntu0.24.04.1
https://launchpad.net/ubuntu/+source/mariadb/1:10.11.8-0ubuntu0.23.10.1
https://launchpad.net/ubuntu/+source/mariadb-10.6/1:10.6.18-0ubuntu0.22.04.1



[USN-6841-1] PHP vulnerability


==========================================================================
Ubuntu Security Notice USN-6841-1
June 19, 2024

php7.4, php8.1, php8.2, php8.3 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

PHP could be made to accept invalid URLs.

Software Description:
- php8.3: server-side, HTML-embedded scripting language (metapackage)
- php8.2: server-side, HTML-embedded scripting language (metapackage)
- php8.1: HTML-embedded scripting language interpreter
- php7.4: HTML-embedded scripting language interpreter

Details:

It was discovered that PHP could early return in the filter_var function
resulting in invalid user information being treated as valid user
information. An attacker could possibly use this issue to expose raw
user input information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
libapache2-mod-php8.3 8.3.6-0ubuntu0.24.04.1
php8.3 8.3.6-0ubuntu0.24.04.1
php8.3-cgi 8.3.6-0ubuntu0.24.04.1
php8.3-cli 8.3.6-0ubuntu0.24.04.1
php8.3-fpm 8.3.6-0ubuntu0.24.04.1

Ubuntu 23.10
libapache2-mod-php8.2 8.2.10-2ubuntu2.2
php8.2 8.2.10-2ubuntu2.2
php8.2-cgi 8.2.10-2ubuntu2.2
php8.2-cli 8.2.10-2ubuntu2.2
php8.2-fpm 8.2.10-2ubuntu2.2

Ubuntu 22.04 LTS
libapache2-mod-php8.1 8.1.2-1ubuntu2.18
php8.1 8.1.2-1ubuntu2.18
php8.1-cgi 8.1.2-1ubuntu2.18
php8.1-cli 8.1.2-1ubuntu2.18
php8.1-fpm 8.1.2-1ubuntu2.18

Ubuntu 20.04 LTS
libapache2-mod-php7.4 7.4.3-4ubuntu2.23
php7.4 7.4.3-4ubuntu2.23
php7.4-cgi 7.4.3-4ubuntu2.23
php7.4-cli 7.4.3-4ubuntu2.23
php7.4-fpm 7.4.3-4ubuntu2.23

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6841-1
CVE-2024-5458

Package Information:
https://launchpad.net/ubuntu/+source/php8.3/8.3.6-0ubuntu0.24.04.1
https://launchpad.net/ubuntu/+source/php8.2/8.2.10-2ubuntu2.2
https://launchpad.net/ubuntu/+source/php8.1/8.1.2-1ubuntu2.18
https://launchpad.net/ubuntu/+source/php7.4/7.4.3-4ubuntu2.23