[월:] 2020년 04월

USN-4330-1: PHP vulnerabilities php5, php7.0, php7.2, php7.3 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary Several security issues were fixed in PHP. Software Description php7.3 – server-side, HTML-embedded scripting language (metapackage) php7.2 – HTML-embedded scripting language interpreter php7.0 – HTML-embedded scripting language interpreter php5 – HTML-embedded scripting language interpreter Details It was discovered that PHP incorrectly handled certain file uploads. An attacker could possibly use this issue to cause a crash. (CVE-2020-7062) It was discovered that PHP incorrectly handled certain PHAR archive files. An attacker could possibly use this issue to access sensitive information. (CVE-2020-7063) It was discovered that PHP incorrectly handled certain EXIF files. An attacker could possibly use this issue to access sensitive information or cause a crash. (CVE-2020-7064) [ more… ]

USN-4329-1: Git vulnerability git vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Git could be made to expose sensitive information. Software Description git – fast, scalable, distributed revision control system Details Felix Wilhelm discovered that Git incorrectly handled certain URLs that included newlines. A remote attacker could possibly use this issue to trick Git into returning credential information for a wrong host. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10 git – 1:2.20.1-2ubuntu1.19.10.2 Ubuntu 18.04 LTS git – 1:2.17.1-1ubuntu0.6 Ubuntu 16.04 LTS git – 1:2.7.4-0ubuntu1.8 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2020-5260 Source: USN-4329-1: Git vulnerability