USN-6757-2: PHP vulnerabilities

Read Time:37 Second

USN-6757-1 fixed vulnerabilities in PHP. Unfortunately these fixes were incomplete for
Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.10. This update fixes the problem.

Original advisory details:

It was discovered that PHP incorrectly handled PHP_CLI_SERVER_WORKERS variable.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code. This issue only affected Ubuntu 20.04 LTS, and
Ubuntu 22.04 LTS. (CVE-2022-4900)

It was discovered that PHP incorrectly handled certain cookies.
An attacker could possibly use this issue to cookie by pass.
(CVE-2024-2756)

It was discovered that PHP incorrectly handled some passwords.
An attacker could possibly use this issue to cause an account takeover
attack. (CVE-2024-3096)

Friday Squid Blogging: Live Colossal Squid Filmed

Midnight Blizzard Targets European Diplomats with Wine Tasting Phishing Lure

Age Verification Using Facial Scans

NTLM Hash Exploit Targets Poland and Romania Days After Patch

Senators Urge Cyber-Threat Sharing Law Extension Before Deadline

Identity Attacks Now Comprise a Third of Intrusions

Microsoft Thwarts $4bn in Fraud Attempts

CISA Throws Lifeline to CVE Program with Last-Minute Contract Extension

Network Edge Devices the Biggest Entry Point for Attacks on SMBs

digikam-8.6.0-4.fc40

digikam-8.6.0-4.fc41

digikam-8.6.0-4.fc42

epiphany-47.5-1.fc41

epiphany-48.1-1.fc42

icecat-115.22.0-2.rh1.fc42