[USN-6839-1] MariaDB vulnerability
=========================================================================
Ubuntu Security Notice USN-6839-1
June 19, 2024
mariadb, mariadb-10.6 vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 23.10
- Ubuntu 22.04 LTS
Summary:
A security issue was fixed in MariaDB.
Software Description:
- mariadb: MariaDB database
- mariadb-10.6: MariaDB database
Details:
A security issue was discovered in MariaDB and this update includes
new upstream MariaDB versions to fix the issue.
MariaDB has been updated to 10.6.18 in Ubuntu 22.04 LTS and to 10.11.8 in
Ubuntu 23.10 and Ubuntu 24.04 LTS.
In addition to security fixes, the updated packages contain bug fixes,
new features, and possibly incompatible changes.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
  mariadb-server 1:10.11.8-0ubuntu0.24.04.1
Ubuntu 23.10
  mariadb-server 1:10.11.8-0ubuntu0.23.10.1
Ubuntu 22.04 LTS
  mariadb-server 1:10.6.18-0ubuntu0.22.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart MariaDB to
make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6839-1
CVE-2024-21096
Package Information:
https://launchpad.net/ubuntu/+source/mariadb/1:10.11.8-0ubuntu0.24.04.1
https://launchpad.net/ubuntu/+source/mariadb/1:10.11.8-0ubuntu0.23.10.1
https://launchpad.net/ubuntu/+source/mariadb-10.6/1:10.6.18-0ubuntu0.22.04.1
[USN-6841-1] PHP vulnerability
==========================================================================
Ubuntu Security Notice USN-6841-1
June 19, 2024
php7.4, php8.1, php8.2, php8.3 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
PHP could be made to accept invalid URLs.
Software Description:
- php8.3: server-side, HTML-embedded scripting language (metapackage)
- php8.2: server-side, HTML-embedded scripting language (metapackage)
- php8.1: HTML-embedded scripting language interpreter
- php7.4: HTML-embedded scripting language interpreter
Details:
It was discovered that PHP could return early in the filter_var function,
resulting in invalid user information being treated as valid user
information. An attacker could possibly use this issue to expose raw
user input information.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
  libapache2-mod-php8.3 8.3.6-0ubuntu0.24.04.1
  php8.3 8.3.6-0ubuntu0.24.04.1
  php8.3-cgi 8.3.6-0ubuntu0.24.04.1
  php8.3-cli 8.3.6-0ubuntu0.24.04.1
  php8.3-fpm 8.3.6-0ubuntu0.24.04.1
Ubuntu 23.10
  libapache2-mod-php8.2 8.2.10-2ubuntu2.2
  php8.2 8.2.10-2ubuntu2.2
  php8.2-cgi 8.2.10-2ubuntu2.2
  php8.2-cli 8.2.10-2ubuntu2.2
  php8.2-fpm 8.2.10-2ubuntu2.2
Ubuntu 22.04 LTS
  libapache2-mod-php8.1 8.1.2-1ubuntu2.18
  php8.1 8.1.2-1ubuntu2.18
  php8.1-cgi 8.1.2-1ubuntu2.18
  php8.1-cli 8.1.2-1ubuntu2.18
  php8.1-fpm 8.1.2-1ubuntu2.18
Ubuntu 20.04 LTS
  libapache2-mod-php7.4 7.4.3-4ubuntu2.23
  php7.4 7.4.3-4ubuntu2.23
  php7.4-cgi 7.4.3-4ubuntu2.23
  php7.4-cli 7.4.3-4ubuntu2.23
  php7.4-fpm 7.4.3-4ubuntu2.23
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6841-1
CVE-2024-5458
Package Information:
https://launchpad.net/ubuntu/+source/php8.3/8.3.6-0ubuntu0.24.04.1
https://launchpad.net/ubuntu/+source/php8.2/8.2.10-2ubuntu2.2
https://launchpad.net/ubuntu/+source/php8.1/8.1.2-1ubuntu2.18
https://launchpad.net/ubuntu/+source/php7.4/7.4.3-4ubuntu2.23