Red Hat Security Advisory 2022-6158-01

Red Hat Security Advisory 2022-6158-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

Packet Storm

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: php:7.4 security update
Advisory ID: RHSA-2022:6158-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:6158
Issue date: 2022-08-24
CVE Names: CVE-2022-31625
====================================================================

  1. Summary:

An update for the php:7.4 module is now available for Red Hat Enterprise
Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

  2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

  3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.

Security Fix(es):

  • php: uninitialized array in pg_query_params() leading to RCE
    (CVE-2022-31625)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

  4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon must be restarted
for the update to take effect.

  5. Bugs fixed (https://bugzilla.redhat.com/):

2098521 - CVE-2022-31625 php: uninitialized array in pg_query_params() leading to RCE

  6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
libzip-1.6.1-1.module+el8.3.0+6678+b09f589e.src.rpm
php-7.4.19-4.module+el8.6.0+16316+906f6c6d.src.rpm
php-pear-1.10.12-1.module+el8.3.0+6678+b09f589e.src.rpm
php-pecl-apcu-5.1.18-1.module+el8.3.0+6678+b09f589e.src.rpm
php-pecl-rrd-2.0.1-1.module+el8.3.0+6678+b09f589e.src.rpm
php-pecl-xdebug-2.9.5-1.module+el8.3.0+6678+b09f589e.src.rpm
php-pecl-zip-1.18.2-1.module+el8.3.0+6678+b09f589e.src.rpm

aarch64:
libzip-1.6.1-1.module+el8.3.0+6678+b09f589e.aarch64.rpm
libzip-debuginfo-1.6.1-1.module+el8.3.0+6678+b09f589e.aarch64.rpm
libzip-debugsource-1.6.1-1.module+el8.3.0+6678+b09f589e.aarch64.rpm
libzip-devel-1.6.1-1.module+el8.3.0+6678+b09f589e.aarch64.rpm
libzip-tools-1.6.1-1.module+el8.3.0+6678+b09f589e.aarch64.rpm
libzip-tools-debuginfo-1.6.1-1.module+el8.3.0+6678+b09f589e.aarch64.rpm
php-7.4.19-4.module+el8.6.0+16316+906f6c6d.aarch64.rpm
php-bcmath-7.4.19-4.module+el8.6.0+16316+906f6c6d.aarch64.rpm
php-bcmath-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.aarch64.rpm
php-cli-7.4.19-4.module+el8.6.0+16316+906f6c6d.aarch64.rpm
php-cli-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.aarch64.rpm
php-common-7.4.19-4.module+el8.6.0+16316+906f6c6d.aarch64.rpm
php-common-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.aarch64.rpm
php-dba-7.4.19-4.module+el8.6.0+16316+906f6c6d.aarch64.rpm
php-dba-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.aarch64.rpm
php-dbg-7.4.19-4.module+el8.6.0+16316+906f6c6d.aarch64.rpm
php-dbg-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.aarch64.rpm
php-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.aarch64.rpm
php-debugsource-7.4.19-4.module+el8.6.0+16316+906f6c6d.aarch64.rpm
php-devel-7.4.19-4.module+el8.6.0+16316+906f6c6d.aarch64.rpm
php-embedded-7.4.19-4.module+el8.6.0+16316+906f6c6d.aarch64.rpm
php-embedded-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.aarch64.rpm
php-enchant-7.4.19-4.module+el8.6.0+16316+906f6c6d.aarch64.rpm
php-enchant-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.aarch64.rpm
php-ffi-7.4.19-4.module+el8.6.0+16316+906f6c6d.aarch64.rpm
php-ffi-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.aarch64.rpm
php-fpm-7.4.19-4.module+el8.6.0+16316+906f6c6d.aarch64.rpm
php-fpm-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.aarch64.rpm
php-gd-7.4.19-4.module+el8.6.0+16316+906f6c6d.aarch64.rpm
php-gd-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.aarch64.rpm
php-gmp-7.4.19-4.module+el8.6.0+16316+906f6c6d.aarch64.rpm
php-gmp-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.aarch64.rpm
php-intl-7.4.19-4.module+el8.6.0+16316+906f6c6d.aarch64.rpm
php-intl-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.aarch64.rpm
php-json-7.4.19-4.module+el8.6.0+16316+906f6c6d.aarch64.rpm
php-json-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.aarch64.rpm
php-ldap-7.4.19-4.module+el8.6.0+16316+906f6c6d.aarch64.rpm
php-ldap-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.aarch64.rpm
php-mbstring-7.4.19-4.module+el8.6.0+16316+906f6c6d.aarch64.rpm
php-mbstring-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.aarch64.rpm
php-mysqlnd-7.4.19-4.module+el8.6.0+16316+906f6c6d.aarch64.rpm
php-mysqlnd-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.aarch64.rpm
php-odbc-7.4.19-4.module+el8.6.0+16316+906f6c6d.aarch64.rpm
php-odbc-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.aarch64.rpm
php-opcache-7.4.19-4.module+el8.6.0+16316+906f6c6d.aarch64.rpm
php-opcache-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.aarch64.rpm
php-pdo-7.4.19-4.module+el8.6.0+16316+906f6c6d.aarch64.rpm
php-pdo-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.aarch64.rpm
php-pecl-apcu-5.1.18-1.module+el8.3.0+6678+b09f589e.aarch64.rpm
php-pecl-apcu-debuginfo-5.1.18-1.module+el8.3.0+6678+b09f589e.aarch64.rpm
php-pecl-apcu-debugsource-5.1.18-1.module+el8.3.0+6678+b09f589e.aarch64.rpm
php-pecl-apcu-devel-5.1.18-1.module+el8.3.0+6678+b09f589e.aarch64.rpm
php-pecl-rrd-2.0.1-1.module+el8.3.0+6678+b09f589e.aarch64.rpm
php-pecl-rrd-debuginfo-2.0.1-1.module+el8.3.0+6678+b09f589e.aarch64.rpm
php-pecl-rrd-debugsource-2.0.1-1.module+el8.3.0+6678+b09f589e.aarch64.rpm
php-pecl-xdebug-2.9.5-1.module+el8.3.0+6678+b09f589e.aarch64.rpm
php-pecl-xdebug-debuginfo-2.9.5-1.module+el8.3.0+6678+b09f589e.aarch64.rpm
php-pecl-xdebug-debugsource-2.9.5-1.module+el8.3.0+6678+b09f589e.aarch64.rpm
php-pecl-zip-1.18.2-1.module+el8.3.0+6678+b09f589e.aarch64.rpm
php-pecl-zip-debuginfo-1.18.2-1.module+el8.3.0+6678+b09f589e.aarch64.rpm
php-pecl-zip-debugsource-1.18.2-1.module+el8.3.0+6678+b09f589e.aarch64.rpm
php-pgsql-7.4.19-4.module+el8.6.0+16316+906f6c6d.aarch64.rpm
php-pgsql-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.aarch64.rpm
php-process-7.4.19-4.module+el8.6.0+16316+906f6c6d.aarch64.rpm
php-process-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.aarch64.rpm
php-snmp-7.4.19-4.module+el8.6.0+16316+906f6c6d.aarch64.rpm
php-snmp-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.aarch64.rpm
php-soap-7.4.19-4.module+el8.6.0+16316+906f6c6d.aarch64.rpm
php-soap-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.aarch64.rpm
php-xml-7.4.19-4.module+el8.6.0+16316+906f6c6d.aarch64.rpm
php-xml-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.aarch64.rpm
php-xmlrpc-7.4.19-4.module+el8.6.0+16316+906f6c6d.aarch64.rpm
php-xmlrpc-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.aarch64.rpm

noarch:
apcu-panel-5.1.18-1.module+el8.3.0+6678+b09f589e.noarch.rpm
php-pear-1.10.12-1.module+el8.3.0+6678+b09f589e.noarch.rpm

ppc64le:
libzip-1.6.1-1.module+el8.3.0+6678+b09f589e.ppc64le.rpm
libzip-debuginfo-1.6.1-1.module+el8.3.0+6678+b09f589e.ppc64le.rpm
libzip-debugsource-1.6.1-1.module+el8.3.0+6678+b09f589e.ppc64le.rpm
libzip-devel-1.6.1-1.module+el8.3.0+6678+b09f589e.ppc64le.rpm
libzip-tools-1.6.1-1.module+el8.3.0+6678+b09f589e.ppc64le.rpm
libzip-tools-debuginfo-1.6.1-1.module+el8.3.0+6678+b09f589e.ppc64le.rpm
php-7.4.19-4.module+el8.6.0+16316+906f6c6d.ppc64le.rpm
php-bcmath-7.4.19-4.module+el8.6.0+16316+906f6c6d.ppc64le.rpm
php-bcmath-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.ppc64le.rpm
php-cli-7.4.19-4.module+el8.6.0+16316+906f6c6d.ppc64le.rpm
php-cli-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.ppc64le.rpm
php-common-7.4.19-4.module+el8.6.0+16316+906f6c6d.ppc64le.rpm
php-common-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.ppc64le.rpm
php-dba-7.4.19-4.module+el8.6.0+16316+906f6c6d.ppc64le.rpm
php-dba-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.ppc64le.rpm
php-dbg-7.4.19-4.module+el8.6.0+16316+906f6c6d.ppc64le.rpm
php-dbg-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.ppc64le.rpm
php-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.ppc64le.rpm
php-debugsource-7.4.19-4.module+el8.6.0+16316+906f6c6d.ppc64le.rpm
php-devel-7.4.19-4.module+el8.6.0+16316+906f6c6d.ppc64le.rpm
php-embedded-7.4.19-4.module+el8.6.0+16316+906f6c6d.ppc64le.rpm
php-embedded-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.ppc64le.rpm
php-enchant-7.4.19-4.module+el8.6.0+16316+906f6c6d.ppc64le.rpm
php-enchant-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.ppc64le.rpm
php-ffi-7.4.19-4.module+el8.6.0+16316+906f6c6d.ppc64le.rpm
php-ffi-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.ppc64le.rpm
php-fpm-7.4.19-4.module+el8.6.0+16316+906f6c6d.ppc64le.rpm
php-fpm-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.ppc64le.rpm
php-gd-7.4.19-4.module+el8.6.0+16316+906f6c6d.ppc64le.rpm
php-gd-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.ppc64le.rpm
php-gmp-7.4.19-4.module+el8.6.0+16316+906f6c6d.ppc64le.rpm
php-gmp-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.ppc64le.rpm
php-intl-7.4.19-4.module+el8.6.0+16316+906f6c6d.ppc64le.rpm
php-intl-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.ppc64le.rpm
php-json-7.4.19-4.module+el8.6.0+16316+906f6c6d.ppc64le.rpm
php-json-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.ppc64le.rpm
php-ldap-7.4.19-4.module+el8.6.0+16316+906f6c6d.ppc64le.rpm
php-ldap-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.ppc64le.rpm
php-mbstring-7.4.19-4.module+el8.6.0+16316+906f6c6d.ppc64le.rpm
php-mbstring-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.ppc64le.rpm
php-mysqlnd-7.4.19-4.module+el8.6.0+16316+906f6c6d.ppc64le.rpm
php-mysqlnd-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.ppc64le.rpm
php-odbc-7.4.19-4.module+el8.6.0+16316+906f6c6d.ppc64le.rpm
php-odbc-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.ppc64le.rpm
php-opcache-7.4.19-4.module+el8.6.0+16316+906f6c6d.ppc64le.rpm
php-opcache-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.ppc64le.rpm
php-pdo-7.4.19-4.module+el8.6.0+16316+906f6c6d.ppc64le.rpm
php-pdo-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.ppc64le.rpm
php-pecl-apcu-5.1.18-1.module+el8.3.0+6678+b09f589e.ppc64le.rpm
php-pecl-apcu-debuginfo-5.1.18-1.module+el8.3.0+6678+b09f589e.ppc64le.rpm
php-pecl-apcu-debugsource-5.1.18-1.module+el8.3.0+6678+b09f589e.ppc64le.rpm
php-pecl-apcu-devel-5.1.18-1.module+el8.3.0+6678+b09f589e.ppc64le.rpm
php-pecl-rrd-2.0.1-1.module+el8.3.0+6678+b09f589e.ppc64le.rpm
php-pecl-rrd-debuginfo-2.0.1-1.module+el8.3.0+6678+b09f589e.ppc64le.rpm
php-pecl-rrd-debugsource-2.0.1-1.module+el8.3.0+6678+b09f589e.ppc64le.rpm
php-pecl-xdebug-2.9.5-1.module+el8.3.0+6678+b09f589e.ppc64le.rpm
php-pecl-xdebug-debuginfo-2.9.5-1.module+el8.3.0+6678+b09f589e.ppc64le.rpm
php-pecl-xdebug-debugsource-2.9.5-1.module+el8.3.0+6678+b09f589e.ppc64le.rpm
php-pecl-zip-1.18.2-1.module+el8.3.0+6678+b09f589e.ppc64le.rpm
php-pecl-zip-debuginfo-1.18.2-1.module+el8.3.0+6678+b09f589e.ppc64le.rpm
php-pecl-zip-debugsource-1.18.2-1.module+el8.3.0+6678+b09f589e.ppc64le.rpm
php-pgsql-7.4.19-4.module+el8.6.0+16316+906f6c6d.ppc64le.rpm
php-pgsql-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.ppc64le.rpm
php-process-7.4.19-4.module+el8.6.0+16316+906f6c6d.ppc64le.rpm
php-process-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.ppc64le.rpm
php-snmp-7.4.19-4.module+el8.6.0+16316+906f6c6d.ppc64le.rpm
php-snmp-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.ppc64le.rpm
php-soap-7.4.19-4.module+el8.6.0+16316+906f6c6d.ppc64le.rpm
php-soap-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.ppc64le.rpm
php-xml-7.4.19-4.module+el8.6.0+16316+906f6c6d.ppc64le.rpm
php-xml-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.ppc64le.rpm
php-xmlrpc-7.4.19-4.module+el8.6.0+16316+906f6c6d.ppc64le.rpm
php-xmlrpc-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.ppc64le.rpm

s390x:
libzip-1.6.1-1.module+el8.3.0+6678+b09f589e.s390x.rpm
libzip-debuginfo-1.6.1-1.module+el8.3.0+6678+b09f589e.s390x.rpm
libzip-debugsource-1.6.1-1.module+el8.3.0+6678+b09f589e.s390x.rpm
libzip-devel-1.6.1-1.module+el8.3.0+6678+b09f589e.s390x.rpm
libzip-tools-1.6.1-1.module+el8.3.0+6678+b09f589e.s390x.rpm
libzip-tools-debuginfo-1.6.1-1.module+el8.3.0+6678+b09f589e.s390x.rpm
php-7.4.19-4.module+el8.6.0+16316+906f6c6d.s390x.rpm
php-bcmath-7.4.19-4.module+el8.6.0+16316+906f6c6d.s390x.rpm
php-bcmath-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.s390x.rpm
php-cli-7.4.19-4.module+el8.6.0+16316+906f6c6d.s390x.rpm
php-cli-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.s390x.rpm
php-common-7.4.19-4.module+el8.6.0+16316+906f6c6d.s390x.rpm
php-common-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.s390x.rpm
php-dba-7.4.19-4.module+el8.6.0+16316+906f6c6d.s390x.rpm
php-dba-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.s390x.rpm
php-dbg-7.4.19-4.module+el8.6.0+16316+906f6c6d.s390x.rpm
php-dbg-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.s390x.rpm
php-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.s390x.rpm
php-debugsource-7.4.19-4.module+el8.6.0+16316+906f6c6d.s390x.rpm
php-devel-7.4.19-4.module+el8.6.0+16316+906f6c6d.s390x.rpm
php-embedded-7.4.19-4.module+el8.6.0+16316+906f6c6d.s390x.rpm
php-embedded-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.s390x.rpm
php-enchant-7.4.19-4.module+el8.6.0+16316+906f6c6d.s390x.rpm
php-enchant-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.s390x.rpm
php-ffi-7.4.19-4.module+el8.6.0+16316+906f6c6d.s390x.rpm
php-ffi-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.s390x.rpm
php-fpm-7.4.19-4.module+el8.6.0+16316+906f6c6d.s390x.rpm
php-fpm-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.s390x.rpm
php-gd-7.4.19-4.module+el8.6.0+16316+906f6c6d.s390x.rpm
php-gd-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.s390x.rpm
php-gmp-7.4.19-4.module+el8.6.0+16316+906f6c6d.s390x.rpm
php-gmp-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.s390x.rpm
php-intl-7.4.19-4.module+el8.6.0+16316+906f6c6d.s390x.rpm
php-intl-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.s390x.rpm
php-json-7.4.19-4.module+el8.6.0+16316+906f6c6d.s390x.rpm
php-json-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.s390x.rpm
php-ldap-7.4.19-4.module+el8.6.0+16316+906f6c6d.s390x.rpm
php-ldap-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.s390x.rpm
php-mbstring-7.4.19-4.module+el8.6.0+16316+906f6c6d.s390x.rpm
php-mbstring-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.s390x.rpm
php-mysqlnd-7.4.19-4.module+el8.6.0+16316+906f6c6d.s390x.rpm
php-mysqlnd-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.s390x.rpm
php-odbc-7.4.19-4.module+el8.6.0+16316+906f6c6d.s390x.rpm
php-odbc-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.s390x.rpm
php-opcache-7.4.19-4.module+el8.6.0+16316+906f6c6d.s390x.rpm
php-opcache-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.s390x.rpm
php-pdo-7.4.19-4.module+el8.6.0+16316+906f6c6d.s390x.rpm
php-pdo-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.s390x.rpm
php-pecl-apcu-5.1.18-1.module+el8.3.0+6678+b09f589e.s390x.rpm
php-pecl-apcu-debuginfo-5.1.18-1.module+el8.3.0+6678+b09f589e.s390x.rpm
php-pecl-apcu-debugsource-5.1.18-1.module+el8.3.0+6678+b09f589e.s390x.rpm
php-pecl-apcu-devel-5.1.18-1.module+el8.3.0+6678+b09f589e.s390x.rpm
php-pecl-rrd-2.0.1-1.module+el8.3.0+6678+b09f589e.s390x.rpm
php-pecl-rrd-debuginfo-2.0.1-1.module+el8.3.0+6678+b09f589e.s390x.rpm
php-pecl-rrd-debugsource-2.0.1-1.module+el8.3.0+6678+b09f589e.s390x.rpm
php-pecl-xdebug-2.9.5-1.module+el8.3.0+6678+b09f589e.s390x.rpm
php-pecl-xdebug-debuginfo-2.9.5-1.module+el8.3.0+6678+b09f589e.s390x.rpm
php-pecl-xdebug-debugsource-2.9.5-1.module+el8.3.0+6678+b09f589e.s390x.rpm
php-pecl-zip-1.18.2-1.module+el8.3.0+6678+b09f589e.s390x.rpm
php-pecl-zip-debuginfo-1.18.2-1.module+el8.3.0+6678+b09f589e.s390x.rpm
php-pecl-zip-debugsource-1.18.2-1.module+el8.3.0+6678+b09f589e.s390x.rpm
php-pgsql-7.4.19-4.module+el8.6.0+16316+906f6c6d.s390x.rpm
php-pgsql-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.s390x.rpm
php-process-7.4.19-4.module+el8.6.0+16316+906f6c6d.s390x.rpm
php-process-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.s390x.rpm
php-snmp-7.4.19-4.module+el8.6.0+16316+906f6c6d.s390x.rpm
php-snmp-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.s390x.rpm
php-soap-7.4.19-4.module+el8.6.0+16316+906f6c6d.s390x.rpm
php-soap-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.s390x.rpm
php-xml-7.4.19-4.module+el8.6.0+16316+906f6c6d.s390x.rpm
php-xml-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.s390x.rpm
php-xmlrpc-7.4.19-4.module+el8.6.0+16316+906f6c6d.s390x.rpm
php-xmlrpc-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.s390x.rpm

x86_64:
libzip-1.6.1-1.module+el8.3.0+6678+b09f589e.x86_64.rpm
libzip-debuginfo-1.6.1-1.module+el8.3.0+6678+b09f589e.x86_64.rpm
libzip-debugsource-1.6.1-1.module+el8.3.0+6678+b09f589e.x86_64.rpm
libzip-devel-1.6.1-1.module+el8.3.0+6678+b09f589e.x86_64.rpm
libzip-tools-1.6.1-1.module+el8.3.0+6678+b09f589e.x86_64.rpm
libzip-tools-debuginfo-1.6.1-1.module+el8.3.0+6678+b09f589e.x86_64.rpm
php-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm
php-bcmath-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm
php-bcmath-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm
php-cli-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm
php-cli-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm
php-common-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm
php-common-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm
php-dba-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm
php-dba-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm
php-dbg-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm
php-dbg-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm
php-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm
php-debugsource-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm
php-devel-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm
php-embedded-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm
php-embedded-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm
php-enchant-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm
php-enchant-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm
php-ffi-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm
php-ffi-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm
php-fpm-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm
php-fpm-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm
php-gd-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm
php-gd-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm
php-gmp-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm
php-gmp-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm
php-intl-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm
php-intl-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm
php-json-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm
php-json-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm
php-ldap-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm
php-ldap-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm
php-mbstring-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm
php-mbstring-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm
php-mysqlnd-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm
php-mysqlnd-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm
php-odbc-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm
php-odbc-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm
php-opcache-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm
php-opcache-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm
php-pdo-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm
php-pdo-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm
php-pecl-apcu-5.1.18-1.module+el8.3.0+6678+b09f589e.x86_64.rpm
php-pecl-apcu-debuginfo-5.1.18-1.module+el8.3.0+6678+b09f589e.x86_64.rpm
php-pecl-apcu-debugsource-5.1.18-1.module+el8.3.0+6678+b09f589e.x86_64.rpm
php-pecl-apcu-devel-5.1.18-1.module+el8.3.0+6678+b09f589e.x86_64.rpm
php-pecl-rrd-2.0.1-1.module+el8.3.0+6678+b09f589e.x86_64.rpm
php-pecl-rrd-debuginfo-2.0.1-1.module+el8.3.0+6678+b09f589e.x86_64.rpm
php-pecl-rrd-debugsource-2.0.1-1.module+el8.3.0+6678+b09f589e.x86_64.rpm
php-pecl-xdebug-2.9.5-1.module+el8.3.0+6678+b09f589e.x86_64.rpm
php-pecl-xdebug-debuginfo-2.9.5-1.module+el8.3.0+6678+b09f589e.x86_64.rpm
php-pecl-xdebug-debugsource-2.9.5-1.module+el8.3.0+6678+b09f589e.x86_64.rpm
php-pecl-zip-1.18.2-1.module+el8.3.0+6678+b09f589e.x86_64.rpm
php-pecl-zip-debuginfo-1.18.2-1.module+el8.3.0+6678+b09f589e.x86_64.rpm
php-pecl-zip-debugsource-1.18.2-1.module+el8.3.0+6678+b09f589e.x86_64.rpm
php-pgsql-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm
php-pgsql-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm
php-process-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm
php-process-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm
php-snmp-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm
php-snmp-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm
php-soap-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm
php-soap-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm
php-xml-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm
php-xml-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm
php-xmlrpc-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm
php-xmlrpc-debuginfo-7.4.19-4.module+el8.6.0+16316+906f6c6d.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

  7. References:

https://access.redhat.com/security/cve/CVE-2022-31625
https://access.redhat.com/security/updates/classification/#moderate

  8. Contact:

The Red Hat security contact is [email protected]. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.

Related news

Red Hat Security Advisory 2022-8197-01

Red Hat Security Advisory 2022-8197-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include a use-after-free vulnerability.

RHSA-2022:8197: Red Hat Security Advisory: php security, bug fix, and enhancement update

An update for php is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-21708: php: Use after free due to php_filter_float() failing for ints
  • CVE-2022-31625: php: Uninitialized array in pg_query_params() leading to RCE

RHSA-2022:7624: Red Hat Security Advisory: php:8.0 security, bug fix, and enhancement update

An update for the php:8.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-21708: php: Use after free due to php_filter_float() failing for ints
  • CVE-2022-31625: php: Uninitialized array in pg_query_params() leading to RCE

Gentoo Linux Security Advisory 202209-20

Gentoo Linux Security Advisory 202209-20 - Multiple vulnerabilities have been discovered in PHP, the worst of which could result in local root privilege escalation. Versions less than 7.4.30:7.4 are affected.

RHSA-2022:6158: Red Hat Security Advisory: php:7.4 security update

An update for the php:7.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-31625: php: uninitialized array in pg_query_params() leading to RCE

Ubuntu Security Notice USN-5479-3

Ubuntu Security Notice 5479-3 - USN-5479-1 fixed vulnerabilities in PHP. Unfortunately that update for CVE-2022-31625 was incomplete for Ubuntu 18.04 LTS. This update fixes the problem. Charles Fol discovered that PHP incorrectly handled initializing certain arrays when handling the pg_query_params function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Charles Fol discovered that PHP incorrectly handled passwords in mysqlnd. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.

Ubuntu Security Notice USN-5479-2

Ubuntu Security Notice 5479-2 - USN-5479-1 fixed vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 16.04 ESM. Charles Fol discovered that PHP incorrectly handled initializing certain arrays when handling the pg_query_params function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Charles Fol discovered that PHP incorrectly handled passwords in mysqlnd. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.

Red Hat Security Advisory 2022-5491-01

Red Hat Security Advisory 2022-5491-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer overflow and privilege escalation vulnerabilities.

RHSA-2022:5491: Red Hat Security Advisory: rh-php73-php security and bug fix update

An update for rh-php73-php is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-21703: php: Local privilege escalation via PHP-FPM
  • CVE-2021-21707: php: special character breaks path in xml parsing
  • CVE-2022-31625: php: uninitialized array in pg_query_params() leading to RCE
  • CVE-2022-31626: php: password of excessive length triggers buffer overflow leading to RCE

Ubuntu Security Notice USN-5479-1

Ubuntu Security Notice 5479-1 - Charles Fol discovered that PHP incorrectly handled initializing certain arrays when handling the pg_query_params function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Charles Fol discovered that PHP incorrectly handled passwords in mysqlnd. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2022-31625: Uninitialized array in pg_query_params() leading to RCE

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service.
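The bug class described above, freeing uninitialized data as pointers on an error path, shown as an added C example beside its corrected form. This is a simplified model written for this page, not PHP's source code; `value_t`, `convert` and the `build_params_*` functions are hypothetical names, and the 0xA5 fill only simulates leftover heap contents so the stale slots can be counted without ever freeing them.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a script value; some values cannot be
 * converted to a string query parameter (constructed for this example). */
typedef struct { const char *text; int convertible; } value_t;

static int convert(const value_t *v, char **out) {
    if (!v->convertible) return -1;          /* invalid parameter: *out untouched */
    size_t len = strlen(v->text) + 1;
    *out = malloc(len);
    if (*out == NULL) return -1;
    memcpy(*out, v->text, len);
    return 0;
}

void free_params(char **params, size_t count) {
    for (size_t i = 0; i < count; i++) free(params[i]);
    free(params);
}

/* BEFORE: malloc() leaves every slot indeterminate, and the error path
 * frees all n slots although only the first i were written. */
int build_params_vulnerable(const value_t *vals, size_t n, char ***out) {
    char **params = malloc((n ? n : 1) * sizeof *params);
    if (params == NULL) return -1;
    for (size_t i = 0; i < n; i++) {
        if (convert(&vals[i], &params[i]) != 0) {
            free_params(params, n);          /* BUG: slots i..n-1 hold garbage */
            return -1;
        }
    }
    *out = params;
    return 0;
}

/* AFTER: slots start zeroed, and cleanup covers only the slots that
 * were actually filled before the failure. */
int build_params_fixed(const value_t *vals, size_t n, char ***out) {
    char **params = calloc(n ? n : 1, sizeof *params);
    if (params == NULL) return -1;
    for (size_t i = 0; i < n; i++) {
        if (convert(&vals[i], &params[i]) != 0) {
            free_params(params, i);
            return -1;
        }
    }
    *out = params;
    return 0;
}

/* Counts the slots the vulnerable cleanup would hand to free() without
 * ever having written them. The array is pre-filled with 0xA5 to stand
 * in for recycled heap memory; nothing stale is actually freed here. */
size_t stale_slots_freed_by_bug(const value_t *vals, size_t n) {
    unsigned char poison[sizeof(char *)];
    memset(poison, 0xA5, sizeof poison);
    char **params = malloc((n ? n : 1) * sizeof *params);
    if (params == NULL) return 0;
    memset(params, 0xA5, n * sizeof *params);
    size_t done = 0, stale = 0;
    while (done < n && convert(&vals[done], &params[done]) == 0) done++;
    for (size_t i = done; i < n; i++)
        if (memcmp(&params[i], poison, sizeof poison) == 0) stale++;
    free_params(params, done);               /* free only what was allocated */
    return stale;
}

int main(void) {
    /* Constructed input: the second parameter is invalid. */
    value_t vals[] = { {"1", 1}, {"x", 0}, {"3", 1}, {"4", 1} };
    char **out = NULL;
    printf("stale slots the buggy cleanup would free: %zu\n",
           stale_slots_freed_by_bug(vals, 4));
    printf("fixed builder returns: %d\n", build_params_fixed(vals, 4, &out));
    return 0;
}
```

`build_params_vulnerable` is kept for comparison only and is never called; with an invalid parameter its cleanup has undefined behaviour.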

CVE-2016-4343: PHP: PHP 7 ChangeLog

The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service (uninitialized pointer dereference) or possibly have unspecified other impact via a crafted TAR archive.
