And when I say in all, it is in all. In the last few weeks, so many security flaws have appeared that it is easy to get lost. In reality, what has been discovered and corrected has been more or less the usual, but two special guests have appeared: the SWAPGS Attack y one that affected the Plasma graphics environment. Something that does fall within "normal" is what they corrected yesterday: a PHP vulnerability It affected all versions of Ubuntu.
Canonical has released two versions of the patches to correct this flaw: a for naturally supported versions, for Ubuntu 19.04, Ubuntu 18.04, and Ubuntu 16.04, and otra for two versions that enjoy ESM or Extended Security Maintenance support, for Ubuntu 14.04 and Ubuntu 12.04. In the case of the versions supported in their normal life cycle, the vulnerability in PHP 7.0 and PHP 7.2, while in Ubuntu 14.04 ESM and Ubuntu 12.04 ESM they have fixed it in PHP5.
The PHP vulnerability has also been fixed in the ESM versions of Ubuntu
For all the rest, what they have fixed has been the same in all versions from Ubuntu and its official flavors: Errors CVE-2019-11041 and CVE-2019-11042 describe a PHP vulnerability that mishandled certain images and could be used to cause denial of service (DoS) to cause a crash or execute arbitrary code.
The packages that have been updated to correct this bug are:
On Ubuntu 19.04
libapache2-mod-php7.2 – 7.2.19-0ubuntu0.19.04.2
php7.2-cgi - 7.2.19-0ubuntu0.19.04.2
php7.2-cli - 7.2.19-0ubuntu0.19.04.2
php7.2-fpm - 7.2.19-0ubuntu0.19.04.2
php7.2-xmlrpc - 7.2.19-0ubuntu0.19.04.2
On Ubuntu 18.04 LTS
libapache2-mod-php7.2 – 7.2.19-0ubuntu0.18.04.2
php7.2-cgi - 7.2.19-0ubuntu0.18.04.2
php7.2-cli - 7.2.19-0ubuntu0.18.04.2
php7.2-fpm - 7.2.19-0ubuntu0.18.04.2
php7.2-xmlrpc - 7.2.19-0ubuntu0.18.04.2
On Ubuntu 16.04 LTS
libapache2-mod-php7.0 – 7.0.33-0ubuntu0.16.04.6
php7.0-cgi - 7.0.33-0ubuntu0.16.04.6
php7.0-cli - 7.0.33-0ubuntu0.16.04.6
php7.0-fpm - 7.0.33-0ubuntu0.16.04.6
php7.0-xmlrpc - 7.0.33-0ubuntu0.16.04.6
In Ubuntu 14.04 ESM
libapache2-mod-php5 – 5.5.9+dfsg-1ubuntu4.29+esm5
php5-cgi – 5.5.9+dfsg-1ubuntu4.29+esm5
php5-cli – 5.5.9+dfsg-1ubuntu4.29+esm5
php5-fpm – 5.5.9+dfsg-1ubuntu4.29+esm5
php5-xmlrpc – 5.5.9+dfsg-1ubuntu4.29+esm5
In Ubuntu 12.04 ESM
libapache2-mod-php5 – 5.3.10-1ubuntu3.39
php5-cgi - 5.3.10-1ubuntu3.39
php5-cli - 5.3.10-1ubuntu3.39
php5-fpm - 5.3.10-1ubuntu3.39
php5-xmlrpc - 5.3.10-1ubuntu3.39
To install the updates, just open Software update or software center of our version of X-buntu and install what appears on the screen. Although it does not appear to be necessary, it is worth rebooting to make sure the patches take effect.