Ubuntu 18.04 LTS / 20.04 LTS / 20.10 / 21.04 : PHP vulnerabilities (USN-5006-1)

medium Nessus Plugin ID 151444

Synopsis

The remote Ubuntu host is missing one or more security updates.

Description

The remote Ubuntu 18.04 LTS / 20.04 LTS / 20.10 / 21.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5006-1 advisory.

- In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure. (CVE-2020-7068)

- In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may lead to functions that rely on URL being valid to mis-parse the URL and produce wrong data as components of the URL. (CVE-2020-7071)

- In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash. (CVE-2021-21702)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://ubuntu.com/security/notices/USN-5006-1

Plugin Details

Severity: Medium

ID: 151444

File Name: ubuntu_USN-5006-1.nasl

Version: 1.5

Type: local

Agent: unix

Published: 7/7/2021

Updated: 1/17/2023

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Temporal Vector: E:U/RL:OF/RC:C

CVSS Score Source: CVE-2021-21705

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:canonical:ubuntu_linux:18.04:-:lts, cpe:/o:canonical:ubuntu_linux:20.04:-:lts, cpe:/o:canonical:ubuntu_linux:20.10, cpe:/o:canonical:ubuntu_linux:21.04, p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php7.2, p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-php7.4, p-cpe:/a:canonical:ubuntu_linux:libphp7.2-embed, p-cpe:/a:canonical:ubuntu_linux:libphp7.4-embed, p-cpe:/a:canonical:ubuntu_linux:php7.2, p-cpe:/a:canonical:ubuntu_linux:php7.2-bcmath, p-cpe:/a:canonical:ubuntu_linux:php7.2-bz2, p-cpe:/a:canonical:ubuntu_linux:php7.2-cgi, p-cpe:/a:canonical:ubuntu_linux:php7.2-cli, p-cpe:/a:canonical:ubuntu_linux:php7.2-common, p-cpe:/a:canonical:ubuntu_linux:php7.2-curl, p-cpe:/a:canonical:ubuntu_linux:php7.2-dba, p-cpe:/a:canonical:ubuntu_linux:php7.2-dev, p-cpe:/a:canonical:ubuntu_linux:php7.2-enchant, p-cpe:/a:canonical:ubuntu_linux:php7.2-fpm, p-cpe:/a:canonical:ubuntu_linux:php7.2-gd, p-cpe:/a:canonical:ubuntu_linux:php7.2-gmp, p-cpe:/a:canonical:ubuntu_linux:php7.2-imap, p-cpe:/a:canonical:ubuntu_linux:php7.2-interbase, p-cpe:/a:canonical:ubuntu_linux:php7.2-intl, p-cpe:/a:canonical:ubuntu_linux:php7.2-json, p-cpe:/a:canonical:ubuntu_linux:php7.2-ldap, p-cpe:/a:canonical:ubuntu_linux:php7.2-mbstring, p-cpe:/a:canonical:ubuntu_linux:php7.2-mysql, p-cpe:/a:canonical:ubuntu_linux:php7.2-odbc, p-cpe:/a:canonical:ubuntu_linux:php7.2-opcache, p-cpe:/a:canonical:ubuntu_linux:php7.2-pgsql, p-cpe:/a:canonical:ubuntu_linux:php7.2-phpdbg, p-cpe:/a:canonical:ubuntu_linux:php7.2-pspell, p-cpe:/a:canonical:ubuntu_linux:php7.2-readline, p-cpe:/a:canonical:ubuntu_linux:php7.2-recode, p-cpe:/a:canonical:ubuntu_linux:php7.2-snmp, p-cpe:/a:canonical:ubuntu_linux:php7.2-soap, p-cpe:/a:canonical:ubuntu_linux:php7.2-sqlite3, p-cpe:/a:canonical:ubuntu_linux:php7.2-sybase, p-cpe:/a:canonical:ubuntu_linux:php7.2-tidy, p-cpe:/a:canonical:ubuntu_linux:php7.2-xml, p-cpe:/a:canonical:ubuntu_linux:php7.2-xmlrpc, p-cpe:/a:canonical:ubuntu_linux:php7.2-xsl, p-cpe:/a:canonical:ubuntu_linux:php7.2-zip, p-cpe:/a:canonical:ubuntu_linux:php7.4, p-cpe:/a:canonical:ubuntu_linux:php7.4-bcmath, p-cpe:/a:canonical:ubuntu_linux:php7.4-bz2, p-cpe:/a:canonical:ubuntu_linux:php7.4-cgi, p-cpe:/a:canonical:ubuntu_linux:php7.4-cli, p-cpe:/a:canonical:ubuntu_linux:php7.4-common, p-cpe:/a:canonical:ubuntu_linux:php7.4-curl, p-cpe:/a:canonical:ubuntu_linux:php7.4-dba, p-cpe:/a:canonical:ubuntu_linux:php7.4-dev, p-cpe:/a:canonical:ubuntu_linux:php7.4-enchant, p-cpe:/a:canonical:ubuntu_linux:php7.4-fpm, p-cpe:/a:canonical:ubuntu_linux:php7.4-gd, p-cpe:/a:canonical:ubuntu_linux:php7.4-gmp, p-cpe:/a:canonical:ubuntu_linux:php7.4-imap, p-cpe:/a:canonical:ubuntu_linux:php7.4-interbase, p-cpe:/a:canonical:ubuntu_linux:php7.4-intl, p-cpe:/a:canonical:ubuntu_linux:php7.4-json, p-cpe:/a:canonical:ubuntu_linux:php7.4-ldap, p-cpe:/a:canonical:ubuntu_linux:php7.4-mbstring, p-cpe:/a:canonical:ubuntu_linux:php7.4-mysql, p-cpe:/a:canonical:ubuntu_linux:php7.4-odbc, p-cpe:/a:canonical:ubuntu_linux:php7.4-opcache, p-cpe:/a:canonical:ubuntu_linux:php7.4-pgsql, p-cpe:/a:canonical:ubuntu_linux:php7.4-phpdbg, p-cpe:/a:canonical:ubuntu_linux:php7.4-pspell, p-cpe:/a:canonical:ubuntu_linux:php7.4-readline, p-cpe:/a:canonical:ubuntu_linux:php7.4-snmp, p-cpe:/a:canonical:ubuntu_linux:php7.4-soap, p-cpe:/a:canonical:ubuntu_linux:php7.4-sqlite3, p-cpe:/a:canonical:ubuntu_linux:php7.4-sybase, p-cpe:/a:canonical:ubuntu_linux:php7.4-tidy, p-cpe:/a:canonical:ubuntu_linux:php7.4-xml, p-cpe:/a:canonical:ubuntu_linux:php7.4-xmlrpc, p-cpe:/a:canonical:ubuntu_linux:php7.4-xsl, p-cpe:/a:canonical:ubuntu_linux:php7.4-zip

Required KB Items: Host/cpu, Host/Ubuntu, Host/Ubuntu/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 7/7/2021

Vulnerability Publication Date: 8/10/2020

Reference Information

CVE: CVE-2020-7068, CVE-2020-7071, CVE-2021-21702, CVE-2021-21704, CVE-2021-21705

USN: 5006-1

IAVA: 2020-A-0373-S, 2021-A-0009-S, 2021-A-0082-S