usn-4279-2
Vulnerability from osv_ubuntu
USN-4279-1 fixed vulnerabilities in PHP. The updated packages caused a regression. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that PHP incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. (CVE-2015-9253)
It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-7059)
It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2020-7060)
| URL | Type | |
|---|---|---|
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [],
"ecosystem": "Ubuntu:16.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libapache2-mod-php7.0",
"binary_version": "7.0.33-0ubuntu0.16.04.12"
},
{
"binary_name": "libphp7.0-embed",
"binary_version": "7.0.33-0ubuntu0.16.04.12"
},
{
"binary_name": "php7.0",
"binary_version": "7.0.33-0ubuntu0.16.04.12"
},
{
"binary_name": "php7.0-bcmath",
"binary_version": "7.0.33-0ubuntu0.16.04.12"
},
{
"binary_name": "php7.0-bz2",
"binary_version": "7.0.33-0ubuntu0.16.04.12"
},
{
"binary_name": "php7.0-cgi",
"binary_version": "7.0.33-0ubuntu0.16.04.12"
},
{
"binary_name": "php7.0-cli",
"binary_version": "7.0.33-0ubuntu0.16.04.12"
},
{
"binary_name": "php7.0-common",
"binary_version": "7.0.33-0ubuntu0.16.04.12"
},
{
"binary_name": "php7.0-curl",
"binary_version": "7.0.33-0ubuntu0.16.04.12"
},
{
"binary_name": "php7.0-dba",
"binary_version": "7.0.33-0ubuntu0.16.04.12"
},
{
"binary_name": "php7.0-enchant",
"binary_version": "7.0.33-0ubuntu0.16.04.12"
},
{
"binary_name": "php7.0-fpm",
"binary_version": "7.0.33-0ubuntu0.16.04.12"
},
{
"binary_name": "php7.0-gd",
"binary_version": "7.0.33-0ubuntu0.16.04.12"
},
{
"binary_name": "php7.0-gmp",
"binary_version": "7.0.33-0ubuntu0.16.04.12"
},
{
"binary_name": "php7.0-imap",
"binary_version": "7.0.33-0ubuntu0.16.04.12"
},
{
"binary_name": "php7.0-interbase",
"binary_version": "7.0.33-0ubuntu0.16.04.12"
},
{
"binary_name": "php7.0-intl",
"binary_version": "7.0.33-0ubuntu0.16.04.12"
},
{
"binary_name": "php7.0-json",
"binary_version": "7.0.33-0ubuntu0.16.04.12"
},
{
"binary_name": "php7.0-ldap",
"binary_version": "7.0.33-0ubuntu0.16.04.12"
},
{
"binary_name": "php7.0-mbstring",
"binary_version": "7.0.33-0ubuntu0.16.04.12"
},
{
"binary_name": "php7.0-mcrypt",
"binary_version": "7.0.33-0ubuntu0.16.04.12"
},
{
"binary_name": "php7.0-mysql",
"binary_version": "7.0.33-0ubuntu0.16.04.12"
},
{
"binary_name": "php7.0-odbc",
"binary_version": "7.0.33-0ubuntu0.16.04.12"
},
{
"binary_name": "php7.0-opcache",
"binary_version": "7.0.33-0ubuntu0.16.04.12"
},
{
"binary_name": "php7.0-pgsql",
"binary_version": "7.0.33-0ubuntu0.16.04.12"
},
{
"binary_name": "php7.0-phpdbg",
"binary_version": "7.0.33-0ubuntu0.16.04.12"
},
{
"binary_name": "php7.0-pspell",
"binary_version": "7.0.33-0ubuntu0.16.04.12"
},
{
"binary_name": "php7.0-readline",
"binary_version": "7.0.33-0ubuntu0.16.04.12"
},
{
"binary_name": "php7.0-recode",
"binary_version": "7.0.33-0ubuntu0.16.04.12"
},
{
"binary_name": "php7.0-snmp",
"binary_version": "7.0.33-0ubuntu0.16.04.12"
},
{
"binary_name": "php7.0-soap",
"binary_version": "7.0.33-0ubuntu0.16.04.12"
},
{
"binary_name": "php7.0-sqlite3",
"binary_version": "7.0.33-0ubuntu0.16.04.12"
},
{
"binary_name": "php7.0-sybase",
"binary_version": "7.0.33-0ubuntu0.16.04.12"
},
{
"binary_name": "php7.0-tidy",
"binary_version": "7.0.33-0ubuntu0.16.04.12"
},
{
"binary_name": "php7.0-xml",
"binary_version": "7.0.33-0ubuntu0.16.04.12"
},
{
"binary_name": "php7.0-xmlrpc",
"binary_version": "7.0.33-0ubuntu0.16.04.12"
},
{
"binary_name": "php7.0-xsl",
"binary_version": "7.0.33-0ubuntu0.16.04.12"
},
{
"binary_name": "php7.0-zip",
"binary_version": "7.0.33-0ubuntu0.16.04.12"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "php7.0",
"purl": "pkg:deb/ubuntu/php7.0@7.0.33-0ubuntu0.16.04.12?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.0.33-0ubuntu0.16.04.12"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"7.0.1-5",
"7.0.1-6",
"7.0.2-1",
"7.0.2-3",
"7.0.2-4",
"7.0.2-5",
"7.0.3-2",
"7.0.3-3",
"7.0.3-9ubuntu1",
"7.0.4-5ubuntu1",
"7.0.4-5ubuntu2",
"7.0.4-7ubuntu1",
"7.0.4-7ubuntu2",
"7.0.4-7ubuntu2.1",
"7.0.8-0ubuntu0.16.04.1",
"7.0.8-0ubuntu0.16.04.2",
"7.0.8-0ubuntu0.16.04.3",
"7.0.13-0ubuntu0.16.04.1",
"7.0.15-0ubuntu0.16.04.1",
"7.0.15-0ubuntu0.16.04.2",
"7.0.15-0ubuntu0.16.04.4",
"7.0.18-0ubuntu0.16.04.1",
"7.0.22-0ubuntu0.16.04.1",
"7.0.25-0ubuntu0.16.04.1",
"7.0.28-0ubuntu0.16.04.1",
"7.0.30-0ubuntu0.16.04.1",
"7.0.32-0ubuntu0.16.04.1",
"7.0.33-0ubuntu0.16.04.1",
"7.0.33-0ubuntu0.16.04.2",
"7.0.33-0ubuntu0.16.04.3",
"7.0.33-0ubuntu0.16.04.4",
"7.0.33-0ubuntu0.16.04.5",
"7.0.33-0ubuntu0.16.04.6",
"7.0.33-0ubuntu0.16.04.7",
"7.0.33-0ubuntu0.16.04.9",
"7.0.33-0ubuntu0.16.04.11"
]
}
],
"aliases": [],
"details": "USN-4279-1 fixed vulnerabilities in PHP. The updated packages caused a regression.\nThis update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\n It was discovered that PHP incorrectly handled certain scripts.\n An attacker could possibly use this issue to cause a denial of service.\n This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS.\n (CVE-2015-9253)\n \n It was discovered that PHP incorrectly handled certain inputs. An attacker\n could possibly use this issue to expose sensitive information.\n (CVE-2020-7059)\n \n It was discovered that PHP incorrectly handled certain inputs.\n An attacker could possibly use this issue to execute arbitrary code.\n This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS\n and Ubuntu 19.10. (CVE-2020-7060)\n",
"id": "USN-4279-2",
"modified": "2026-04-22T07:36:38Z",
"published": "2020-02-19T17:33:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4279-2"
},
{
"type": "REPORT",
"url": "https://launchpad.net/bugs/1863850"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "php7.0 regression",
"upstream": []
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.