2

Oddly enough I couldn't seem to find anything about this. Baffles me, except I'm an Ubuntu noob (switched over about 6 months ago, and absolutely loving it).

I'm simply trying to install php 7.2.31 (the version my hosting is using) on Ubuntu 20.04. I found an answer on SE for installing 7.2, but this installed 7.2.34...doh! It would be of great help if I could get a generalized answer here, something to point me in the right direction of installing any version of anything on Ubuntu (or anything:). Thanks hahaha! :)

Cinder
  • 21

1 Answers1

5

There have been multiple CVEs fixed in subsequent versions since 7.2.31, all the way up to 7.3.34.

You're probably not going to find a vulnerable version to install unless you download it from php directly or build it from source although, not sure you would want to do that just to run a vulnerable version. Also, I'm not sure if vulnerable versions are even available directly from php.

CVE-2020-7070

CVE-2020-7069

CVE-2020-7068

Version 7.2.34
01 Oct 2020
Core:
Fixed bug #79699 (PHP parses encoded cookie names so malicious `__Host-` cookies can be sent). (CVE-2020-7070)
OpenSSL:
Fixed bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV). (CVE-2020-7069)

Version 7.2.33
06 Aug 2020
Core:
Fixed bug #79877 (getimagesize function silently truncates after a null byte) (cmb)
Phar:
Fixed bug #79797 (Use of freed hash key in the phar_parse_zipfile function). (CVE-2020-7068)


Version 7.2.32
09 Jul 2020
Windows:
Rebuild of official Windows binaries with patched libcurl. No PHP source changes.
mchid
  • 44,904
  • 8
  • 102
  • 162