========================================================================== Ubuntu Security Notice USN-7153-1 December 12, 2024 php7.0, php7.2 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: PHP could be made to overwrite files. Software Description: - php7.2: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter Details: It was discovered that PHP incorrectly handled long string inputs in two database drivers. An attacker could possibly use this issue to write files in locations they would not normally have access to. (CVE-2024-11236) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS   libapache2-mod-php7.2           7.2.24-0ubuntu0.18.04.17+esm7                                   Available with Ubuntu Pro   libphp7.2-embed                 7.2.24-0ubuntu0.18.04.17+esm7                                   Available with Ubuntu Pro   php7.2                          7.2.24-0ubuntu0.18.04.17+esm7                                   Available with Ubuntu Pro   php7.2-common                   7.2.24-0ubuntu0.18.04.17+esm7                                   Available with Ubuntu Pro   php7.2-dev                      7.2.24-0ubuntu0.18.04.17+esm7                                   Available with Ubuntu Pro   php7.2-interbase                7.2.24-0ubuntu0.18.04.17+esm7                                   Available with Ubuntu Pro   php7.2-mysql                    7.2.24-0ubuntu0.18.04.17+esm7                                   Available with Ubuntu Pro   php7.2-pgsql                    7.2.24-0ubuntu0.18.04.17+esm7                                   Available with Ubuntu Pro   php7.2-sqlite3                  7.2.24-0ubuntu0.18.04.17+esm7                                   Available with Ubuntu Pro Ubuntu 16.04 LTS   libapache2-mod-php7.0           7.0.33-0ubuntu0.16.04.16+esm13                                   Available with Ubuntu Pro   libphp7.0-embed                 7.0.33-0ubuntu0.16.04.16+esm13                                   Available with Ubuntu Pro   php7.0                          7.0.33-0ubuntu0.16.04.16+esm13                                   Available with Ubuntu Pro   php7.0-common                   7.0.33-0ubuntu0.16.04.16+esm13                                   Available with Ubuntu Pro   php7.0-dev                      7.0.33-0ubuntu0.16.04.16+esm13                                   Available with Ubuntu Pro   php7.0-interbase                7.0.33-0ubuntu0.16.04.16+esm13                                   Available with Ubuntu Pro   php7.0-mysql                    7.0.33-0ubuntu0.16.04.16+esm13                                   Available with Ubuntu Pro   php7.0-pgsql                    7.0.33-0ubuntu0.16.04.16+esm13                                   Available with Ubuntu Pro   php7.0-sqlite3                  7.0.33-0ubuntu0.16.04.16+esm13                                   Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7153-1   CVE-2024-11236