Ubuntu: (Multiple Advisories) (CVE-2024-11233): PHP vulnerabilities

Ubuntu: (Multiple Advisories) (CVE-2024-11233): PHP vulnerabilities

Severity

9

CVSS

(AV:N/AC:L/Au:N/C:P/I:N/A:C)

Published

11/24/2024

Created

12/17/2024

Added

12/16/2024

Modified

01/31/2025

Description

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in convert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in certain circumstances lead to crashes or disclose content of other memory areas.

Solution(s)

• ubuntu-pro-upgrade-libapache2-mod-php7-0
• ubuntu-pro-upgrade-libapache2-mod-php7-4
• ubuntu-pro-upgrade-libapache2-mod-php8-0
• ubuntu-pro-upgrade-libapache2-mod-php8-1
• ubuntu-pro-upgrade-libapache2-mod-php8-3
• ubuntu-pro-upgrade-php7-0
• ubuntu-pro-upgrade-php7-0-cgi
• ubuntu-pro-upgrade-php7-0-cli
• ubuntu-pro-upgrade-php7-0-ldap
• ubuntu-pro-upgrade-php7-0-mysql
• ubuntu-pro-upgrade-php7-4
• ubuntu-pro-upgrade-php7-4-cgi
• ubuntu-pro-upgrade-php7-4-cli
• ubuntu-pro-upgrade-php7-4-fpm
• ubuntu-pro-upgrade-php7-4-mysql
• ubuntu-pro-upgrade-php8-1
• ubuntu-pro-upgrade-php8-1-cgi
• ubuntu-pro-upgrade-php8-1-cli
• ubuntu-pro-upgrade-php8-1-enchant
• ubuntu-pro-upgrade-php8-1-fpm
• ubuntu-pro-upgrade-php8-1-mysql
• ubuntu-pro-upgrade-php8-3
• ubuntu-pro-upgrade-php8-3-cgi
• ubuntu-pro-upgrade-php8-3-cli
• ubuntu-pro-upgrade-php8-3-fpm
• ubuntu-pro-upgrade-php8-3-mysql

References

• https://attackerkb.com/topics/cve-2024-11233
• CVE - 2024-11233
• USN-7157-1
• USN-7157-2
• USN-7157-3