USN-5006-2

It was discovered that PHP incorrectly handled certain PHAR files. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2020-7068)

It was discovered that PHP incorrectly handled parsing URLs with passwords. A remote attacker could possibly use this issue to cause PHP to mis-parse the URL and produce wrong data. (CVE-2020-7071)

It was discovered that PHP incorrectly handled certain malformed XML data when being parsed by the SOAP extension. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2021-21702)

It was discovered that PHP incorrectly handled the pdo_firebase module. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2021-21704)

It was discovered that PHP incorrectly handled the FILTERVALIDATEURL check. A remote attacker could possibly use this issue to perform a server- side request forgery attack. (CVE-2021-21705)

References

Affected packages

Ubuntu:Pro:14.04:LTS / php5

Package

Name: php5
Purl: pkg:deb/ubuntu/php5@5.5.9+dfsg-1ubuntu4.29+esm14?arch=source&distro=trusty/esm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.5.9+dfsg-1ubuntu4.29+esm14

Affected versions

5.*

5.5.3+dfsg-1ubuntu2

5.5.3+dfsg-1ubuntu3

5.5.6+dfsg-1ubuntu1

5.5.6+dfsg-1ubuntu2

5.5.8+dfsg-2ubuntu1

5.5.9+dfsg-1ubuntu1

5.5.9+dfsg-1ubuntu2

5.5.9+dfsg-1ubuntu3

5.5.9+dfsg-1ubuntu4

5.5.9+dfsg-1ubuntu4.1

5.5.9+dfsg-1ubuntu4.2

5.5.9+dfsg-1ubuntu4.3

5.5.9+dfsg-1ubuntu4.4

5.5.9+dfsg-1ubuntu4.5

5.5.9+dfsg-1ubuntu4.6

5.5.9+dfsg-1ubuntu4.7

5.5.9+dfsg-1ubuntu4.9

5.5.9+dfsg-1ubuntu4.11

5.5.9+dfsg-1ubuntu4.12

5.5.9+dfsg-1ubuntu4.13

5.5.9+dfsg-1ubuntu4.14

5.5.9+dfsg-1ubuntu4.16

5.5.9+dfsg-1ubuntu4.17

5.5.9+dfsg-1ubuntu4.19

5.5.9+dfsg-1ubuntu4.20

5.5.9+dfsg-1ubuntu4.21

5.5.9+dfsg-1ubuntu4.22

5.5.9+dfsg-1ubuntu4.23

5.5.9+dfsg-1ubuntu4.24

5.5.9+dfsg-1ubuntu4.25

5.5.9+dfsg-1ubuntu4.26

5.5.9+dfsg-1ubuntu4.27

5.5.9+dfsg-1ubuntu4.29

5.5.9+dfsg-1ubuntu4.29+esm1

5.5.9+dfsg-1ubuntu4.29+esm2

5.5.9+dfsg-1ubuntu4.29+esm3

5.5.9+dfsg-1ubuntu4.29+esm4

5.5.9+dfsg-1ubuntu4.29+esm5

5.5.9+dfsg-1ubuntu4.29+esm6

5.5.9+dfsg-1ubuntu4.29+esm8

5.5.9+dfsg-1ubuntu4.29+esm10

5.5.9+dfsg-1ubuntu4.29+esm11

5.5.9+dfsg-1ubuntu4.29+esm12

5.5.9+dfsg-1ubuntu4.29+esm13

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.29+esm14",
            "binary_name": "libapache2-mod-php5"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.29+esm14",
            "binary_name": "libapache2-mod-php5filter"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.29+esm14",
            "binary_name": "libphp5-embed"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.29+esm14",
            "binary_name": "php-pear"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.29+esm14",
            "binary_name": "php5"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.29+esm14",
            "binary_name": "php5-cgi"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.29+esm14",
            "binary_name": "php5-cli"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.29+esm14",
            "binary_name": "php5-common"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.29+esm14",
            "binary_name": "php5-curl"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.29+esm14",
            "binary_name": "php5-dev"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.29+esm14",
            "binary_name": "php5-enchant"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.29+esm14",
            "binary_name": "php5-fpm"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.29+esm14",
            "binary_name": "php5-gd"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.29+esm14",
            "binary_name": "php5-gmp"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.29+esm14",
            "binary_name": "php5-intl"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.29+esm14",
            "binary_name": "php5-ldap"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.29+esm14",
            "binary_name": "php5-mysql"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.29+esm14",
            "binary_name": "php5-mysqlnd"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.29+esm14",
            "binary_name": "php5-odbc"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.29+esm14",
            "binary_name": "php5-pgsql"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.29+esm14",
            "binary_name": "php5-pspell"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.29+esm14",
            "binary_name": "php5-readline"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.29+esm14",
            "binary_name": "php5-recode"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.29+esm14",
            "binary_name": "php5-snmp"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.29+esm14",
            "binary_name": "php5-sqlite"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.29+esm14",
            "binary_name": "php5-sybase"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.29+esm14",
            "binary_name": "php5-tidy"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.29+esm14",
            "binary_name": "php5-xmlrpc"
        },
        {
            "binary_version": "5.5.9+dfsg-1ubuntu4.29+esm14",
            "binary_name": "php5-xsl"
        }
    ],
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"
}

Database specific

cves_map

{
    "ecosystem": "Ubuntu:Pro:14.04:LTS",
    "cves": [
        {
            "id": "CVE-2020-7068",
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L"
                },
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"
                },
                {
                    "type": "Ubuntu",
                    "score": "low"
                }
            ]
        },
        {
            "id": "CVE-2020-7071",
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
                },
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                },
                {
                    "type": "Ubuntu",
                    "score": "low"
                }
            ]
        },
        {
            "id": "CVE-2021-21702",
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                },
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                },
                {
                    "type": "Ubuntu",
                    "score": "low"
                }
            ]
        },
        {
            "id": "CVE-2021-21704",
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
                },
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"
                },
                {
                    "type": "Ubuntu",
                    "score": "medium"
                }
            ]
        },
        {
            "id": "CVE-2021-21705",
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
                },
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
                },
                {
                    "type": "Ubuntu",
                    "score": "medium"
                }
            ]
        }
    ]
}

Ubuntu:Pro:16.04:LTS / php7.0

Package

Name: php7.0
Purl: pkg:deb/ubuntu/php7.0@7.0.33-0ubuntu0.16.04.16+esm1?arch=source&distro=esm-infra/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.33-0ubuntu0.16.04.16+esm1

Affected versions

7.*

7.0.1-5

7.0.1-6

7.0.2-1

7.0.2-3

7.0.2-4

7.0.2-5

7.0.3-2

7.0.3-3

7.0.3-9ubuntu1

7.0.4-5ubuntu1

7.0.4-5ubuntu2

7.0.4-7ubuntu1

7.0.4-7ubuntu2

7.0.4-7ubuntu2.1

7.0.8-0ubuntu0.16.04.1

7.0.8-0ubuntu0.16.04.2

7.0.8-0ubuntu0.16.04.3

7.0.13-0ubuntu0.16.04.1

7.0.15-0ubuntu0.16.04.1

7.0.15-0ubuntu0.16.04.2

7.0.15-0ubuntu0.16.04.4

7.0.18-0ubuntu0.16.04.1

7.0.22-0ubuntu0.16.04.1

7.0.25-0ubuntu0.16.04.1

7.0.28-0ubuntu0.16.04.1

7.0.30-0ubuntu0.16.04.1

7.0.32-0ubuntu0.16.04.1

7.0.33-0ubuntu0.16.04.1

7.0.33-0ubuntu0.16.04.2

7.0.33-0ubuntu0.16.04.3

7.0.33-0ubuntu0.16.04.4

7.0.33-0ubuntu0.16.04.5

7.0.33-0ubuntu0.16.04.6

7.0.33-0ubuntu0.16.04.7

7.0.33-0ubuntu0.16.04.9

7.0.33-0ubuntu0.16.04.11

7.0.33-0ubuntu0.16.04.12

7.0.33-0ubuntu0.16.04.14

7.0.33-0ubuntu0.16.04.15

7.0.33-0ubuntu0.16.04.16

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "7.0.33-0ubuntu0.16.04.16+esm1",
            "binary_name": "libapache2-mod-php7.0"
        },
        {
            "binary_version": "7.0.33-0ubuntu0.16.04.16+esm1",
            "binary_name": "libphp7.0-embed"
        },
        {
            "binary_version": "7.0.33-0ubuntu0.16.04.16+esm1",
            "binary_name": "php7.0"
        },
        {
            "binary_version": "7.0.33-0ubuntu0.16.04.16+esm1",
            "binary_name": "php7.0-bcmath"
        },
        {
            "binary_version": "7.0.33-0ubuntu0.16.04.16+esm1",
            "binary_name": "php7.0-bz2"
        },
        {
            "binary_version": "7.0.33-0ubuntu0.16.04.16+esm1",
            "binary_name": "php7.0-cgi"
        },
        {
            "binary_version": "7.0.33-0ubuntu0.16.04.16+esm1",
            "binary_name": "php7.0-cli"
        },
        {
            "binary_version": "7.0.33-0ubuntu0.16.04.16+esm1",
            "binary_name": "php7.0-common"
        },
        {
            "binary_version": "7.0.33-0ubuntu0.16.04.16+esm1",
            "binary_name": "php7.0-curl"
        },
        {
            "binary_version": "7.0.33-0ubuntu0.16.04.16+esm1",
            "binary_name": "php7.0-dba"
        },
        {
            "binary_version": "7.0.33-0ubuntu0.16.04.16+esm1",
            "binary_name": "php7.0-dev"
        },
        {
            "binary_version": "7.0.33-0ubuntu0.16.04.16+esm1",
            "binary_name": "php7.0-enchant"
        },
        {
            "binary_version": "7.0.33-0ubuntu0.16.04.16+esm1",
            "binary_name": "php7.0-fpm"
        },
        {
            "binary_version": "7.0.33-0ubuntu0.16.04.16+esm1",
            "binary_name": "php7.0-gd"
        },
        {
            "binary_version": "7.0.33-0ubuntu0.16.04.16+esm1",
            "binary_name": "php7.0-gmp"
        },
        {
            "binary_version": "7.0.33-0ubuntu0.16.04.16+esm1",
            "binary_name": "php7.0-imap"
        },
        {
            "binary_version": "7.0.33-0ubuntu0.16.04.16+esm1",
            "binary_name": "php7.0-interbase"
        },
        {
            "binary_version": "7.0.33-0ubuntu0.16.04.16+esm1",
            "binary_name": "php7.0-intl"
        },
        {
            "binary_version": "7.0.33-0ubuntu0.16.04.16+esm1",
            "binary_name": "php7.0-json"
        },
        {
            "binary_version": "7.0.33-0ubuntu0.16.04.16+esm1",
            "binary_name": "php7.0-ldap"
        },
        {
            "binary_version": "7.0.33-0ubuntu0.16.04.16+esm1",
            "binary_name": "php7.0-mbstring"
        },
        {
            "binary_version": "7.0.33-0ubuntu0.16.04.16+esm1",
            "binary_name": "php7.0-mcrypt"
        },
        {
            "binary_version": "7.0.33-0ubuntu0.16.04.16+esm1",
            "binary_name": "php7.0-mysql"
        },
        {
            "binary_version": "7.0.33-0ubuntu0.16.04.16+esm1",
            "binary_name": "php7.0-odbc"
        },
        {
            "binary_version": "7.0.33-0ubuntu0.16.04.16+esm1",
            "binary_name": "php7.0-opcache"
        },
        {
            "binary_version": "7.0.33-0ubuntu0.16.04.16+esm1",
            "binary_name": "php7.0-pgsql"
        },
        {
            "binary_version": "7.0.33-0ubuntu0.16.04.16+esm1",
            "binary_name": "php7.0-phpdbg"
        },
        {
            "binary_version": "7.0.33-0ubuntu0.16.04.16+esm1",
            "binary_name": "php7.0-pspell"
        },
        {
            "binary_version": "7.0.33-0ubuntu0.16.04.16+esm1",
            "binary_name": "php7.0-readline"
        },
        {
            "binary_version": "7.0.33-0ubuntu0.16.04.16+esm1",
            "binary_name": "php7.0-recode"
        },
        {
            "binary_version": "7.0.33-0ubuntu0.16.04.16+esm1",
            "binary_name": "php7.0-snmp"
        },
        {
            "binary_version": "7.0.33-0ubuntu0.16.04.16+esm1",
            "binary_name": "php7.0-soap"
        },
        {
            "binary_version": "7.0.33-0ubuntu0.16.04.16+esm1",
            "binary_name": "php7.0-sqlite3"
        },
        {
            "binary_version": "7.0.33-0ubuntu0.16.04.16+esm1",
            "binary_name": "php7.0-sybase"
        },
        {
            "binary_version": "7.0.33-0ubuntu0.16.04.16+esm1",
            "binary_name": "php7.0-tidy"
        },
        {
            "binary_version": "7.0.33-0ubuntu0.16.04.16+esm1",
            "binary_name": "php7.0-xml"
        },
        {
            "binary_version": "7.0.33-0ubuntu0.16.04.16+esm1",
            "binary_name": "php7.0-xmlrpc"
        },
        {
            "binary_version": "7.0.33-0ubuntu0.16.04.16+esm1",
            "binary_name": "php7.0-xsl"
        },
        {
            "binary_version": "7.0.33-0ubuntu0.16.04.16+esm1",
            "binary_name": "php7.0-zip"
        }
    ],
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"
}

Database specific

cves_map

{
    "ecosystem": "Ubuntu:Pro:16.04:LTS",
    "cves": [
        {
            "id": "CVE-2020-7068",
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L"
                },
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"
                },
                {
                    "type": "Ubuntu",
                    "score": "low"
                }
            ]
        },
        {
            "id": "CVE-2020-7071",
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
                },
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                },
                {
                    "type": "Ubuntu",
                    "score": "low"
                }
            ]
        },
        {
            "id": "CVE-2021-21702",
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                },
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
                },
                {
                    "type": "Ubuntu",
                    "score": "low"
                }
            ]
        },
        {
            "id": "CVE-2021-21704",
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
                },
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"
                },
                {
                    "type": "Ubuntu",
                    "score": "medium"
                }
            ]
        },
        {
            "id": "CVE-2021-21705",
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
                },
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
                },
                {
                    "type": "Ubuntu",
                    "score": "medium"
                }
            ]
        }
    ]
}