Red Hat Security Advisory 2023-0848-01

Red Hat Security Advisory 2023-0848-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer overflow and integer overflow vulnerabilities.

Packet Storm

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: php:8.0 security update
Advisory ID: RHSA-2023:0848-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2023:0848
Issue date: 2023-02-21
CVE Names: CVE-2022-31628 CVE-2022-31629 CVE-2022-31630
CVE-2022-31631 CVE-2022-37454
====================================================================

  1. Summary:

An update for the php:8.0 module is now available for Red Hat Enterprise
Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

  2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

  3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.

The following packages have been upgraded to a later upstream version: php
(8.0). (BZ#2161666)

Security Fix(es):

  • XKCP: buffer overflow in the SHA-3 reference implementation
    (CVE-2022-37454)

  • php: standard insecure cookie could be treated as a __Host- or
    __Secure- cookie by PHP applications (CVE-2022-31629)

  • php: OOB read due to insufficient input validation in imageloadfont()
    (CVE-2022-31630)

  • php: PDO::quote() may return an unquoted string due to an integer
    overflow (CVE-2022-31631)

  • php: phar wrapper denial of service (infinite loop) when decompressing
    a quine gzip file (CVE-2022-31628)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

  4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon must be restarted
for the update to take effect.

  5. Bugs fixed (https://bugzilla.redhat.com/):

2133687 - CVE-2022-31629 php: standard insecure cookie could be treated as a '__Host-' or '__Secure-' cookie by PHP applications
2133688 - CVE-2022-31628 php: phar: infinite loop when decompressing quine gzip file
2139280 - CVE-2022-31630 php: OOB read due to insufficient input validation in imageloadfont()
2140200 - CVE-2022-37454 XKCP: buffer overflow in the SHA-3 reference implementation
2158791 - CVE-2022-31631 php: PDO::quote() may return unquoted string due to an integer overflow

  6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
libzip-1.7.3-1.module+el8.6.0+13671+84712317.src.rpm
php-8.0.27-1.module+el8.7.0+17863+0ad92cd2.src.rpm
php-pear-1.10.13-1.module+el8.6.0+13671+84712317.src.rpm
php-pecl-apcu-5.1.20-1.module+el8.6.0+13671+84712317.src.rpm
php-pecl-rrd-2.0.3-1.module+el8.6.0+13671+84712317.src.rpm
php-pecl-xdebug3-3.1.2-1.module+el8.6.0+13671+84712317.src.rpm
php-pecl-zip-1.19.2-1.module+el8.6.0+13671+84712317.src.rpm

aarch64:
libzip-1.7.3-1.module+el8.6.0+13671+84712317.aarch64.rpm
libzip-debuginfo-1.7.3-1.module+el8.6.0+13671+84712317.aarch64.rpm
libzip-debugsource-1.7.3-1.module+el8.6.0+13671+84712317.aarch64.rpm
libzip-devel-1.7.3-1.module+el8.6.0+13671+84712317.aarch64.rpm
libzip-tools-1.7.3-1.module+el8.6.0+13671+84712317.aarch64.rpm
libzip-tools-debuginfo-1.7.3-1.module+el8.6.0+13671+84712317.aarch64.rpm
php-8.0.27-1.module+el8.7.0+17863+0ad92cd2.aarch64.rpm
php-bcmath-8.0.27-1.module+el8.7.0+17863+0ad92cd2.aarch64.rpm
php-bcmath-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.aarch64.rpm
php-cli-8.0.27-1.module+el8.7.0+17863+0ad92cd2.aarch64.rpm
php-cli-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.aarch64.rpm
php-common-8.0.27-1.module+el8.7.0+17863+0ad92cd2.aarch64.rpm
php-common-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.aarch64.rpm
php-dba-8.0.27-1.module+el8.7.0+17863+0ad92cd2.aarch64.rpm
php-dba-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.aarch64.rpm
php-dbg-8.0.27-1.module+el8.7.0+17863+0ad92cd2.aarch64.rpm
php-dbg-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.aarch64.rpm
php-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.aarch64.rpm
php-debugsource-8.0.27-1.module+el8.7.0+17863+0ad92cd2.aarch64.rpm
php-devel-8.0.27-1.module+el8.7.0+17863+0ad92cd2.aarch64.rpm
php-embedded-8.0.27-1.module+el8.7.0+17863+0ad92cd2.aarch64.rpm
php-embedded-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.aarch64.rpm
php-enchant-8.0.27-1.module+el8.7.0+17863+0ad92cd2.aarch64.rpm
php-enchant-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.aarch64.rpm
php-ffi-8.0.27-1.module+el8.7.0+17863+0ad92cd2.aarch64.rpm
php-ffi-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.aarch64.rpm
php-fpm-8.0.27-1.module+el8.7.0+17863+0ad92cd2.aarch64.rpm
php-fpm-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.aarch64.rpm
php-gd-8.0.27-1.module+el8.7.0+17863+0ad92cd2.aarch64.rpm
php-gd-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.aarch64.rpm
php-gmp-8.0.27-1.module+el8.7.0+17863+0ad92cd2.aarch64.rpm
php-gmp-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.aarch64.rpm
php-intl-8.0.27-1.module+el8.7.0+17863+0ad92cd2.aarch64.rpm
php-intl-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.aarch64.rpm
php-ldap-8.0.27-1.module+el8.7.0+17863+0ad92cd2.aarch64.rpm
php-ldap-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.aarch64.rpm
php-mbstring-8.0.27-1.module+el8.7.0+17863+0ad92cd2.aarch64.rpm
php-mbstring-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.aarch64.rpm
php-mysqlnd-8.0.27-1.module+el8.7.0+17863+0ad92cd2.aarch64.rpm
php-mysqlnd-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.aarch64.rpm
php-odbc-8.0.27-1.module+el8.7.0+17863+0ad92cd2.aarch64.rpm
php-odbc-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.aarch64.rpm
php-opcache-8.0.27-1.module+el8.7.0+17863+0ad92cd2.aarch64.rpm
php-opcache-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.aarch64.rpm
php-pdo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.aarch64.rpm
php-pdo-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.aarch64.rpm
php-pecl-apcu-5.1.20-1.module+el8.6.0+13671+84712317.aarch64.rpm
php-pecl-apcu-debuginfo-5.1.20-1.module+el8.6.0+13671+84712317.aarch64.rpm
php-pecl-apcu-debugsource-5.1.20-1.module+el8.6.0+13671+84712317.aarch64.rpm
php-pecl-apcu-devel-5.1.20-1.module+el8.6.0+13671+84712317.aarch64.rpm
php-pecl-rrd-2.0.3-1.module+el8.6.0+13671+84712317.aarch64.rpm
php-pecl-rrd-debuginfo-2.0.3-1.module+el8.6.0+13671+84712317.aarch64.rpm
php-pecl-rrd-debugsource-2.0.3-1.module+el8.6.0+13671+84712317.aarch64.rpm
php-pecl-xdebug3-3.1.2-1.module+el8.6.0+13671+84712317.aarch64.rpm
php-pecl-xdebug3-debuginfo-3.1.2-1.module+el8.6.0+13671+84712317.aarch64.rpm
php-pecl-xdebug3-debugsource-3.1.2-1.module+el8.6.0+13671+84712317.aarch64.rpm
php-pecl-zip-1.19.2-1.module+el8.6.0+13671+84712317.aarch64.rpm
php-pecl-zip-debuginfo-1.19.2-1.module+el8.6.0+13671+84712317.aarch64.rpm
php-pecl-zip-debugsource-1.19.2-1.module+el8.6.0+13671+84712317.aarch64.rpm
php-pgsql-8.0.27-1.module+el8.7.0+17863+0ad92cd2.aarch64.rpm
php-pgsql-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.aarch64.rpm
php-process-8.0.27-1.module+el8.7.0+17863+0ad92cd2.aarch64.rpm
php-process-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.aarch64.rpm
php-snmp-8.0.27-1.module+el8.7.0+17863+0ad92cd2.aarch64.rpm
php-snmp-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.aarch64.rpm
php-soap-8.0.27-1.module+el8.7.0+17863+0ad92cd2.aarch64.rpm
php-soap-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.aarch64.rpm
php-xml-8.0.27-1.module+el8.7.0+17863+0ad92cd2.aarch64.rpm
php-xml-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.aarch64.rpm

noarch:
apcu-panel-5.1.20-1.module+el8.6.0+13671+84712317.noarch.rpm
php-pear-1.10.13-1.module+el8.6.0+13671+84712317.noarch.rpm

ppc64le:
libzip-1.7.3-1.module+el8.6.0+13671+84712317.ppc64le.rpm
libzip-debuginfo-1.7.3-1.module+el8.6.0+13671+84712317.ppc64le.rpm
libzip-debugsource-1.7.3-1.module+el8.6.0+13671+84712317.ppc64le.rpm
libzip-devel-1.7.3-1.module+el8.6.0+13671+84712317.ppc64le.rpm
libzip-tools-1.7.3-1.module+el8.6.0+13671+84712317.ppc64le.rpm
libzip-tools-debuginfo-1.7.3-1.module+el8.6.0+13671+84712317.ppc64le.rpm
php-8.0.27-1.module+el8.7.0+17863+0ad92cd2.ppc64le.rpm
php-bcmath-8.0.27-1.module+el8.7.0+17863+0ad92cd2.ppc64le.rpm
php-bcmath-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.ppc64le.rpm
php-cli-8.0.27-1.module+el8.7.0+17863+0ad92cd2.ppc64le.rpm
php-cli-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.ppc64le.rpm
php-common-8.0.27-1.module+el8.7.0+17863+0ad92cd2.ppc64le.rpm
php-common-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.ppc64le.rpm
php-dba-8.0.27-1.module+el8.7.0+17863+0ad92cd2.ppc64le.rpm
php-dba-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.ppc64le.rpm
php-dbg-8.0.27-1.module+el8.7.0+17863+0ad92cd2.ppc64le.rpm
php-dbg-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.ppc64le.rpm
php-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.ppc64le.rpm
php-debugsource-8.0.27-1.module+el8.7.0+17863+0ad92cd2.ppc64le.rpm
php-devel-8.0.27-1.module+el8.7.0+17863+0ad92cd2.ppc64le.rpm
php-embedded-8.0.27-1.module+el8.7.0+17863+0ad92cd2.ppc64le.rpm
php-embedded-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.ppc64le.rpm
php-enchant-8.0.27-1.module+el8.7.0+17863+0ad92cd2.ppc64le.rpm
php-enchant-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.ppc64le.rpm
php-ffi-8.0.27-1.module+el8.7.0+17863+0ad92cd2.ppc64le.rpm
php-ffi-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.ppc64le.rpm
php-fpm-8.0.27-1.module+el8.7.0+17863+0ad92cd2.ppc64le.rpm
php-fpm-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.ppc64le.rpm
php-gd-8.0.27-1.module+el8.7.0+17863+0ad92cd2.ppc64le.rpm
php-gd-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.ppc64le.rpm
php-gmp-8.0.27-1.module+el8.7.0+17863+0ad92cd2.ppc64le.rpm
php-gmp-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.ppc64le.rpm
php-intl-8.0.27-1.module+el8.7.0+17863+0ad92cd2.ppc64le.rpm
php-intl-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.ppc64le.rpm
php-ldap-8.0.27-1.module+el8.7.0+17863+0ad92cd2.ppc64le.rpm
php-ldap-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.ppc64le.rpm
php-mbstring-8.0.27-1.module+el8.7.0+17863+0ad92cd2.ppc64le.rpm
php-mbstring-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.ppc64le.rpm
php-mysqlnd-8.0.27-1.module+el8.7.0+17863+0ad92cd2.ppc64le.rpm
php-mysqlnd-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.ppc64le.rpm
php-odbc-8.0.27-1.module+el8.7.0+17863+0ad92cd2.ppc64le.rpm
php-odbc-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.ppc64le.rpm
php-opcache-8.0.27-1.module+el8.7.0+17863+0ad92cd2.ppc64le.rpm
php-opcache-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.ppc64le.rpm
php-pdo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.ppc64le.rpm
php-pdo-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.ppc64le.rpm
php-pecl-apcu-5.1.20-1.module+el8.6.0+13671+84712317.ppc64le.rpm
php-pecl-apcu-debuginfo-5.1.20-1.module+el8.6.0+13671+84712317.ppc64le.rpm
php-pecl-apcu-debugsource-5.1.20-1.module+el8.6.0+13671+84712317.ppc64le.rpm
php-pecl-apcu-devel-5.1.20-1.module+el8.6.0+13671+84712317.ppc64le.rpm
php-pecl-rrd-2.0.3-1.module+el8.6.0+13671+84712317.ppc64le.rpm
php-pecl-rrd-debuginfo-2.0.3-1.module+el8.6.0+13671+84712317.ppc64le.rpm
php-pecl-rrd-debugsource-2.0.3-1.module+el8.6.0+13671+84712317.ppc64le.rpm
php-pecl-xdebug3-3.1.2-1.module+el8.6.0+13671+84712317.ppc64le.rpm
php-pecl-xdebug3-debuginfo-3.1.2-1.module+el8.6.0+13671+84712317.ppc64le.rpm
php-pecl-xdebug3-debugsource-3.1.2-1.module+el8.6.0+13671+84712317.ppc64le.rpm
php-pecl-zip-1.19.2-1.module+el8.6.0+13671+84712317.ppc64le.rpm
php-pecl-zip-debuginfo-1.19.2-1.module+el8.6.0+13671+84712317.ppc64le.rpm
php-pecl-zip-debugsource-1.19.2-1.module+el8.6.0+13671+84712317.ppc64le.rpm
php-pgsql-8.0.27-1.module+el8.7.0+17863+0ad92cd2.ppc64le.rpm
php-pgsql-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.ppc64le.rpm
php-process-8.0.27-1.module+el8.7.0+17863+0ad92cd2.ppc64le.rpm
php-process-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.ppc64le.rpm
php-snmp-8.0.27-1.module+el8.7.0+17863+0ad92cd2.ppc64le.rpm
php-snmp-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.ppc64le.rpm
php-soap-8.0.27-1.module+el8.7.0+17863+0ad92cd2.ppc64le.rpm
php-soap-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.ppc64le.rpm
php-xml-8.0.27-1.module+el8.7.0+17863+0ad92cd2.ppc64le.rpm
php-xml-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.ppc64le.rpm

s390x:
libzip-1.7.3-1.module+el8.6.0+13671+84712317.s390x.rpm
libzip-debuginfo-1.7.3-1.module+el8.6.0+13671+84712317.s390x.rpm
libzip-debugsource-1.7.3-1.module+el8.6.0+13671+84712317.s390x.rpm
libzip-devel-1.7.3-1.module+el8.6.0+13671+84712317.s390x.rpm
libzip-tools-1.7.3-1.module+el8.6.0+13671+84712317.s390x.rpm
libzip-tools-debuginfo-1.7.3-1.module+el8.6.0+13671+84712317.s390x.rpm
php-8.0.27-1.module+el8.7.0+17863+0ad92cd2.s390x.rpm
php-bcmath-8.0.27-1.module+el8.7.0+17863+0ad92cd2.s390x.rpm
php-bcmath-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.s390x.rpm
php-cli-8.0.27-1.module+el8.7.0+17863+0ad92cd2.s390x.rpm
php-cli-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.s390x.rpm
php-common-8.0.27-1.module+el8.7.0+17863+0ad92cd2.s390x.rpm
php-common-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.s390x.rpm
php-dba-8.0.27-1.module+el8.7.0+17863+0ad92cd2.s390x.rpm
php-dba-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.s390x.rpm
php-dbg-8.0.27-1.module+el8.7.0+17863+0ad92cd2.s390x.rpm
php-dbg-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.s390x.rpm
php-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.s390x.rpm
php-debugsource-8.0.27-1.module+el8.7.0+17863+0ad92cd2.s390x.rpm
php-devel-8.0.27-1.module+el8.7.0+17863+0ad92cd2.s390x.rpm
php-embedded-8.0.27-1.module+el8.7.0+17863+0ad92cd2.s390x.rpm
php-embedded-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.s390x.rpm
php-enchant-8.0.27-1.module+el8.7.0+17863+0ad92cd2.s390x.rpm
php-enchant-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.s390x.rpm
php-ffi-8.0.27-1.module+el8.7.0+17863+0ad92cd2.s390x.rpm
php-ffi-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.s390x.rpm
php-fpm-8.0.27-1.module+el8.7.0+17863+0ad92cd2.s390x.rpm
php-fpm-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.s390x.rpm
php-gd-8.0.27-1.module+el8.7.0+17863+0ad92cd2.s390x.rpm
php-gd-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.s390x.rpm
php-gmp-8.0.27-1.module+el8.7.0+17863+0ad92cd2.s390x.rpm
php-gmp-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.s390x.rpm
php-intl-8.0.27-1.module+el8.7.0+17863+0ad92cd2.s390x.rpm
php-intl-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.s390x.rpm
php-ldap-8.0.27-1.module+el8.7.0+17863+0ad92cd2.s390x.rpm
php-ldap-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.s390x.rpm
php-mbstring-8.0.27-1.module+el8.7.0+17863+0ad92cd2.s390x.rpm
php-mbstring-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.s390x.rpm
php-mysqlnd-8.0.27-1.module+el8.7.0+17863+0ad92cd2.s390x.rpm
php-mysqlnd-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.s390x.rpm
php-odbc-8.0.27-1.module+el8.7.0+17863+0ad92cd2.s390x.rpm
php-odbc-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.s390x.rpm
php-opcache-8.0.27-1.module+el8.7.0+17863+0ad92cd2.s390x.rpm
php-opcache-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.s390x.rpm
php-pdo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.s390x.rpm
php-pdo-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.s390x.rpm
php-pecl-apcu-5.1.20-1.module+el8.6.0+13671+84712317.s390x.rpm
php-pecl-apcu-debuginfo-5.1.20-1.module+el8.6.0+13671+84712317.s390x.rpm
php-pecl-apcu-debugsource-5.1.20-1.module+el8.6.0+13671+84712317.s390x.rpm
php-pecl-apcu-devel-5.1.20-1.module+el8.6.0+13671+84712317.s390x.rpm
php-pecl-rrd-2.0.3-1.module+el8.6.0+13671+84712317.s390x.rpm
php-pecl-rrd-debuginfo-2.0.3-1.module+el8.6.0+13671+84712317.s390x.rpm
php-pecl-rrd-debugsource-2.0.3-1.module+el8.6.0+13671+84712317.s390x.rpm
php-pecl-xdebug3-3.1.2-1.module+el8.6.0+13671+84712317.s390x.rpm
php-pecl-xdebug3-debuginfo-3.1.2-1.module+el8.6.0+13671+84712317.s390x.rpm
php-pecl-xdebug3-debugsource-3.1.2-1.module+el8.6.0+13671+84712317.s390x.rpm
php-pecl-zip-1.19.2-1.module+el8.6.0+13671+84712317.s390x.rpm
php-pecl-zip-debuginfo-1.19.2-1.module+el8.6.0+13671+84712317.s390x.rpm
php-pecl-zip-debugsource-1.19.2-1.module+el8.6.0+13671+84712317.s390x.rpm
php-pgsql-8.0.27-1.module+el8.7.0+17863+0ad92cd2.s390x.rpm
php-pgsql-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.s390x.rpm
php-process-8.0.27-1.module+el8.7.0+17863+0ad92cd2.s390x.rpm
php-process-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.s390x.rpm
php-snmp-8.0.27-1.module+el8.7.0+17863+0ad92cd2.s390x.rpm
php-snmp-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.s390x.rpm
php-soap-8.0.27-1.module+el8.7.0+17863+0ad92cd2.s390x.rpm
php-soap-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.s390x.rpm
php-xml-8.0.27-1.module+el8.7.0+17863+0ad92cd2.s390x.rpm
php-xml-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.s390x.rpm

x86_64:
libzip-1.7.3-1.module+el8.6.0+13671+84712317.x86_64.rpm
libzip-debuginfo-1.7.3-1.module+el8.6.0+13671+84712317.x86_64.rpm
libzip-debugsource-1.7.3-1.module+el8.6.0+13671+84712317.x86_64.rpm
libzip-devel-1.7.3-1.module+el8.6.0+13671+84712317.x86_64.rpm
libzip-tools-1.7.3-1.module+el8.6.0+13671+84712317.x86_64.rpm
libzip-tools-debuginfo-1.7.3-1.module+el8.6.0+13671+84712317.x86_64.rpm
php-8.0.27-1.module+el8.7.0+17863+0ad92cd2.x86_64.rpm
php-bcmath-8.0.27-1.module+el8.7.0+17863+0ad92cd2.x86_64.rpm
php-bcmath-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.x86_64.rpm
php-cli-8.0.27-1.module+el8.7.0+17863+0ad92cd2.x86_64.rpm
php-cli-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.x86_64.rpm
php-common-8.0.27-1.module+el8.7.0+17863+0ad92cd2.x86_64.rpm
php-common-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.x86_64.rpm
php-dba-8.0.27-1.module+el8.7.0+17863+0ad92cd2.x86_64.rpm
php-dba-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.x86_64.rpm
php-dbg-8.0.27-1.module+el8.7.0+17863+0ad92cd2.x86_64.rpm
php-dbg-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.x86_64.rpm
php-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.x86_64.rpm
php-debugsource-8.0.27-1.module+el8.7.0+17863+0ad92cd2.x86_64.rpm
php-devel-8.0.27-1.module+el8.7.0+17863+0ad92cd2.x86_64.rpm
php-embedded-8.0.27-1.module+el8.7.0+17863+0ad92cd2.x86_64.rpm
php-embedded-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.x86_64.rpm
php-enchant-8.0.27-1.module+el8.7.0+17863+0ad92cd2.x86_64.rpm
php-enchant-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.x86_64.rpm
php-ffi-8.0.27-1.module+el8.7.0+17863+0ad92cd2.x86_64.rpm
php-ffi-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.x86_64.rpm
php-fpm-8.0.27-1.module+el8.7.0+17863+0ad92cd2.x86_64.rpm
php-fpm-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.x86_64.rpm
php-gd-8.0.27-1.module+el8.7.0+17863+0ad92cd2.x86_64.rpm
php-gd-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.x86_64.rpm
php-gmp-8.0.27-1.module+el8.7.0+17863+0ad92cd2.x86_64.rpm
php-gmp-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.x86_64.rpm
php-intl-8.0.27-1.module+el8.7.0+17863+0ad92cd2.x86_64.rpm
php-intl-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.x86_64.rpm
php-ldap-8.0.27-1.module+el8.7.0+17863+0ad92cd2.x86_64.rpm
php-ldap-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.x86_64.rpm
php-mbstring-8.0.27-1.module+el8.7.0+17863+0ad92cd2.x86_64.rpm
php-mbstring-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.x86_64.rpm
php-mysqlnd-8.0.27-1.module+el8.7.0+17863+0ad92cd2.x86_64.rpm
php-mysqlnd-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.x86_64.rpm
php-odbc-8.0.27-1.module+el8.7.0+17863+0ad92cd2.x86_64.rpm
php-odbc-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.x86_64.rpm
php-opcache-8.0.27-1.module+el8.7.0+17863+0ad92cd2.x86_64.rpm
php-opcache-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.x86_64.rpm
php-pdo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.x86_64.rpm
php-pdo-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.x86_64.rpm
php-pecl-apcu-5.1.20-1.module+el8.6.0+13671+84712317.x86_64.rpm
php-pecl-apcu-debuginfo-5.1.20-1.module+el8.6.0+13671+84712317.x86_64.rpm
php-pecl-apcu-debugsource-5.1.20-1.module+el8.6.0+13671+84712317.x86_64.rpm
php-pecl-apcu-devel-5.1.20-1.module+el8.6.0+13671+84712317.x86_64.rpm
php-pecl-rrd-2.0.3-1.module+el8.6.0+13671+84712317.x86_64.rpm
php-pecl-rrd-debuginfo-2.0.3-1.module+el8.6.0+13671+84712317.x86_64.rpm
php-pecl-rrd-debugsource-2.0.3-1.module+el8.6.0+13671+84712317.x86_64.rpm
php-pecl-xdebug3-3.1.2-1.module+el8.6.0+13671+84712317.x86_64.rpm
php-pecl-xdebug3-debuginfo-3.1.2-1.module+el8.6.0+13671+84712317.x86_64.rpm
php-pecl-xdebug3-debugsource-3.1.2-1.module+el8.6.0+13671+84712317.x86_64.rpm
php-pecl-zip-1.19.2-1.module+el8.6.0+13671+84712317.x86_64.rpm
php-pecl-zip-debuginfo-1.19.2-1.module+el8.6.0+13671+84712317.x86_64.rpm
php-pecl-zip-debugsource-1.19.2-1.module+el8.6.0+13671+84712317.x86_64.rpm
php-pgsql-8.0.27-1.module+el8.7.0+17863+0ad92cd2.x86_64.rpm
php-pgsql-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.x86_64.rpm
php-process-8.0.27-1.module+el8.7.0+17863+0ad92cd2.x86_64.rpm
php-process-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.x86_64.rpm
php-snmp-8.0.27-1.module+el8.7.0+17863+0ad92cd2.x86_64.rpm
php-snmp-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.x86_64.rpm
php-soap-8.0.27-1.module+el8.7.0+17863+0ad92cd2.x86_64.rpm
php-soap-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.x86_64.rpm
php-xml-8.0.27-1.module+el8.7.0+17863+0ad92cd2.x86_64.rpm
php-xml-debuginfo-8.0.27-1.module+el8.7.0+17863+0ad92cd2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
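To confirm on a host that the packages above are installed at (or past) the fixed builds, the following added script, which is not Red Hat's tooling (Red Hat's own guidance is the article linked in the Solution section), reimplements rpm's version comparison in Python so it runs without librpm and compares `rpm -qa` output against the x86_64 package list quoted from this advisory. The fixed NEVRAs are copied from the Package List; the installed NEVRAs in the embedded sample, and the older build strings in them, are constructed for the demonstration.

```python
"""Check installed RPMs against the fixed builds listed in RHSA-2023:0848 (added example)."""
import re
import sys

_SEP = re.compile(r"[^0-9A-Za-z~^]*")   # rpm compares only alnum runs, '~' and '^'
_DIGITS = re.compile(r"[0-9]+")
_ALPHA = re.compile(r"[A-Za-z]+")


def rpmvercmp(a: str, b: str) -> int:
    """Return -1, 0 or 1 as a <, == or > b, following rpm's rpmvercmp segment rules."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        i, j = _SEP.match(a, i).end(), _SEP.match(b, j).end()
        ca, cb = a[i:i + 1], b[j:j + 1]
        if ca == "~" or cb == "~":            # '~' (pre-release) sorts before anything
            if ca != "~":
                return 1
            if cb != "~":
                return -1
            i, j = i + 1, j + 1
            continue
        if ca == "^" or cb == "^":            # '^' (post-release) sorts after end of string
            if not ca:
                return -1
            if not cb:
                return 1
            if ca != "^":
                return 1
            if cb != "^":
                return -1
            i, j = i + 1, j + 1
            continue
        if not (ca and cb):
            break
        pat = _DIGITS if ca.isdigit() else _ALPHA
        m1, m2 = pat.match(a, i), pat.match(b, j)
        if m2 is None:                        # mixed kinds: a numeric segment beats an alpha one
            return 1 if pat is _DIGITS else -1
        s1, s2 = m1.group(0), m2.group(0)
        if pat is _DIGITS:
            s1, s2 = s1.lstrip("0"), s2.lstrip("0")
            if len(s1) != len(s2):            # the longer number (without leading zeros) wins
                return 1 if len(s1) > len(s2) else -1
        if s1 != s2:
            return 1 if s1 > s2 else -1
        i, j = m1.end(), m2.end()
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1           # whichever still has segments left is newer


def parse_nevra(nevra: str):
    """Split 'name-[epoch:]version-release.arch[.rpm]' into (name, epoch, version, release, arch)."""
    nevra = nevra.strip()
    if nevra.endswith(".rpm"):
        nevra = nevra[:-4]
    rest, arch = nevra.rsplit(".", 1)
    name, version, release = rest.rsplit("-", 2)
    epoch = 0
    if ":" in version:                        # only present with a query format that prints it
        e, version = version.split(":", 1)
        epoch = int(e)
    return name, epoch, version, release, arch


def evr_cmp(x, y) -> int:
    """Compare (epoch, version, release) tuples: epoch first, then version, then release."""
    if x[0] != y[0]:
        return 1 if x[0] > y[0] else -1
    return rpmvercmp(x[1], y[1]) or rpmvercmp(x[2], y[2])


def find_outdated(installed, fixed):
    """Return sorted (name, arch, installed_vr, fixed_vr) for installed packages older than the fix."""
    want = {}
    for line in fixed:
        n, e, v, r, a = parse_nevra(line)
        want[(n, a)] = (e, v, r)
    out = []
    for line in installed:
        n, e, v, r, a = parse_nevra(line)
        target = want.get((n, a))             # packages not in the advisory are ignored
        if target and evr_cmp((e, v, r), target) < 0:
            out.append((n, a, f"{v}-{r}", f"{target[1]}-{target[2]}"))
    return sorted(out)


# Fixed x86_64 builds, copied from the advisory's Package List (subset).
FIXED_X86_64 = """
libzip-1.7.3-1.module+el8.6.0+13671+84712317.x86_64.rpm
php-8.0.27-1.module+el8.7.0+17863+0ad92cd2.x86_64.rpm
php-cli-8.0.27-1.module+el8.7.0+17863+0ad92cd2.x86_64.rpm
php-common-8.0.27-1.module+el8.7.0+17863+0ad92cd2.x86_64.rpm
php-fpm-8.0.27-1.module+el8.7.0+17863+0ad92cd2.x86_64.rpm
php-gd-8.0.27-1.module+el8.7.0+17863+0ad92cd2.x86_64.rpm
""".split()

# Constructed `rpm -qa` output; the older build strings are made up for the demo.
SAMPLE_INSTALLED = """
php-8.0.13-1.module+el8.6.0+12345+abcdef12.x86_64
php-cli-8.0.13-1.module+el8.6.0+12345+abcdef12.x86_64
php-common-8.0.27-1.module+el8.7.0+17863+0ad92cd2.x86_64
libzip-1.7.3-1.module+el8.6.0+13671+84712317.x86_64
httpd-2.4.37-51.module+el8.7.0+00000+00000000.x86_64
""".split()

if __name__ == "__main__":
    lines = sys.stdin.read().split() if not sys.stdin.isatty() else SAMPLE_INSTALLED
    for name, arch, have, fix in find_outdated(lines, FIXED_X86_64):
        print(f"OUTDATED {name}.{arch}: installed {have}, fixed in {fix}")
```

Run it as `rpm -qa | python3 check_rhsa_2023_0848.py` on a RHEL 8 host; with nothing on stdin it evaluates the constructed sample. A clean result only shows that the fixed files are on disk: as the Solution section says, httpd must be restarted before the update takes effect in running processes.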

  7. References:

https://access.redhat.com/security/cve/CVE-2022-31628
https://access.redhat.com/security/cve/CVE-2022-31629
https://access.redhat.com/security/cve/CVE-2022-31630
https://access.redhat.com/security/cve/CVE-2022-31631
https://access.redhat.com/security/cve/CVE-2022-37454
https://access.redhat.com/security/updates/classification/#moderate

  8. Contact:

The Red Hat security contact is secalert@redhat.com. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBY/S5INzjgjWX9erEAQhVzRAAmh/R9be/UoLLxOFv7i8YXiSzOj7S3Pfm
cKCsHjpUt4iecukHuQBPaxL2a9J1YWBoa9NYmDbVPwYtK18eiE8zYORkxsKSUAVn
vh5SUkqrzRi55bevRyUFJgQcQgNmzLBnL0wCWl/0WwnxWMCqH5QEnijHdRmM4SPt
ldkrBcVqQEX7QJrv65fPigtWWhH/cvDi2aMinRKexwg0J4NUiE6GDBkoJzxr+S8z
xIn145d0TAUxCw0iYTwAFEhAGzefFvFn0z17S79OjJpeuLXqgXE5zIyEnMSQx59j
7lzqSLwsP/9y4vqRhOJ/XcyZdJDVlUUUI2ZQC9zoIFw2m40Vw9hS6hrPwsKiMA4m
o7lqq7WhOc62FszYEFXP1h/WCHSPF/vd7+GYNg5cQp1E1hL9JX6KTe5nOmNauw/1
mzLfSLebwrPv+mjS2YQjJGlr8q0qyyhwhiE1WuwJut1I+i56XDuMdaJlle5FjHXU
UqkGAQmHVtA7mOHNA3ceA6jRFrUcgz6M9RYA9Gb+oiZCV5kQregKKXhtpIXh1Xub
diWWkYqGBTX1JwQKaXDy3GIi4OomMNRlo17qoaahM4PvnYWsdFuWUK+EsVvwPPqy
DeK6l9/8yDb7Kk5Uoyk8U1i3uOLH8wZ8AoiXXup2DuCmpFoSAAZXwQX4Y+9iQ7X9
wHp7YJ0j+Xc=
=1Zuk
-----END PGP SIGNATURE-----

RHSA-announce mailing list
rhsa-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Related news

Gentoo Linux Security Advisory 202408-32

Gentoo Linux Security Advisory 202408-32 - Multiple vulnerabilities have been discovered in PHP, the worst of which can lead to a denial of service. Versions greater than or equal to 8.1.29:8.1 are affected.

Ubuntu Security Notice USN-6525-1

Ubuntu Security Notice 6525-1 - Nicky Mouha discovered that pysha3 incorrectly handled certain SHA-3 operations. An attacker could possibly use this issue to cause pysha3 to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2023-22062: Oracle Critical Patch Update Advisory - July 2023

Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).

CVE-2023-28864: Chef Infra Server Release Notes

Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed. (The data typically includes credentials for additional systems.) The attacker must wait for an admin to run the "chef-server-ctl reconfigure" command.

CVE-2023-26298: HP Device Manager Security Updates

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.

CVE-2023-23694: DSA-2023-071: Dell VxRail Security Update for Multiple Third-Party Component Vulnerabilities – 7.0.450

Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.

GHSA-6w4m-2xhg-2658: Buffer overflow in sponge queue functions

### Impact The Keccak sponge function interface accepts partial inputs to be absorbed and partial outputs to be squeezed. A buffer can overflow when partial data with some specific sizes are queued, where at least one of them has a length of 2^32 - 200 bytes or more. ### Patches Yes, see commit [fdc6fef0](https://github.com/XKCP/XKCP/commit/fdc6fef075f4e81d6b1bc38364248975e08e340a). ### Workarounds The problem can be avoided by limiting the size of the partial input data (or partial output digest) below 2^32 - 200 bytes. Multiple calls to the queue system can be chained at a higher level to retain the original functionality. Alternatively, one can process the entire input (or produce the entire output) at once, avoiding the queuing functions altogether. ### References See [issue #105](https://github.com/XKCP/XKCP/issues/105) for more details.
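The workaround stated in the GHSA text above (keep every queued partial input below 2^32 - 200 bytes and chain smaller calls, which leaves the digest unchanged because the sponge state depends only on the byte stream) can be wrapped into a small helper. The following is an added example, not XKCP's or Red Hat's code: it uses hashlib as the SHA-3 backend, makes the chunk limit a parameter so the behaviour can be checked on small data, and the sample input is constructed.

```python
"""Bounded-chunk SHA-3 absorption, per the GHSA-6w4m-2xhg-2658 workaround (added example)."""
import hashlib
import io

XKCP_UNSAFE_LENGTH = 2**32 - 200   # from the advisory: a single partial input of this size or more overflowed
DEFAULT_MAX_CHUNK = 2**30          # assumed operational choice, well below the unsafe size


def is_safe_partial_length(n: int, limit: int = XKCP_UNSAFE_LENGTH) -> bool:
    """True if a single queued partial input of n bytes stays below the unsafe size."""
    return 0 <= n < limit


def _check_chunk(max_chunk: int) -> None:
    if max_chunk <= 0:
        raise ValueError("max_chunk must be positive")
    if not is_safe_partial_length(max_chunk):
        raise ValueError(f"max_chunk {max_chunk} is not below {XKCP_UNSAFE_LENGTH}")


def sha3_chunked(data: bytes, max_chunk: int = DEFAULT_MAX_CHUNK, algo: str = "sha3_256") -> str:
    """Hex digest of data, absorbed in pieces of at most max_chunk bytes each."""
    _check_chunk(max_chunk)
    h = hashlib.new(algo)
    view = memoryview(data)                       # slice without copying the input
    for start in range(0, len(view), max_chunk):
        h.update(view[start:start + max_chunk])   # every update() call is bounded
    return h.hexdigest()


def sha3_stream(fileobj, max_chunk: int = DEFAULT_MAX_CHUNK, algo: str = "sha3_256") -> str:
    """Same for a file-like object: read() never hands the sponge more than max_chunk bytes."""
    _check_chunk(max_chunk)
    h = hashlib.new(algo)
    while True:
        piece = fileobj.read(max_chunk)
        if not piece:
            break
        h.update(piece)
    return h.hexdigest()


# Constructed sample input (10240 bytes), used to show that splitting does not change the digest.
SAMPLE = bytes(range(256)) * 40

if __name__ == "__main__":
    one_shot = hashlib.sha3_256(SAMPLE).hexdigest()
    print("one-shot  ", one_shot)
    print("chunked   ", sha3_chunked(SAMPLE, max_chunk=1000))
    print("streamed  ", sha3_stream(io.BytesIO(SAMPLE), max_chunk=333))
    print("2^32-200 is a safe single input:", is_safe_partial_length(XKCP_UNSAFE_LENGTH))
```

The chunk limit is enforced at the wrapper, so a caller who hashes a very large buffer cannot reach the queue functions with one oversized partial input even when the underlying library is an unpatched build; patching remains the real fix, and this only removes the trigger the advisory describes.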

CVE-2023-21954: Oracle Critical Patch Update Advisory - April 2023

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...

Ubuntu Security Notice USN-5931-1

Ubuntu Security Notice 5931-1 - It was discovered that Python incorrectly handled certain inputs. If a user or an automated system were tricked into running a specially crafted input, a remote attacker could possibly use this issue to execute arbitrary code.

Ubuntu Security Notice USN-5930-1

Ubuntu Security Notice 5930-1 - It was discovered that Python incorrectly handled certain inputs. If a user or an automated system were tricked into running a specially crafted input, a remote attacker could possibly use this issue to execute arbitrary code.

Ubuntu Security Notice USN-5905-1

Ubuntu Security Notice 5905-1 - It was discovered that PHP incorrectly handled certain gzip files. An attacker could possibly use this issue to cause a denial of service. It was discovered that PHP incorrectly handled certain cookies. An attacker could possibly use this issue to compromise data integrity. It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code.

Ubuntu Security Notice USN-5888-1

Ubuntu Security Notice 5888-1 - It was discovered that Python incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. Hamza Avvan discovered that Python incorrectly handled certain inputs. If a user or an automated system were tricked into running a specially crafted input, a remote attacker could possibly use this issue to execute arbitrary code.

RHSA-2023:0965: Red Hat Security Advisory: php security update

An update for php is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-31628: A vulnerability was found in PHP due to an infinite loop within the phar uncompressor code when processing "quines" gzip files. This vulnerability allows a remote attacker to pass a specially crafted archive to the application, and consume all available system resources, causing a denial of service condition. * CVE-2022-31629: A vulnerability was fou...

Debian Security Advisory 5363-1

Debian Linux Security Advisory 5363-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in denial of service or incorrect validation of BCrypt hashes.

RHSA-2023:0848: Red Hat Security Advisory: php:8.0 security update

An update for the php:8.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-31628: A vulnerability was found in PHP due to an infinite loop within the phar uncompressor code when processing "quines" gzip files. This vulnerability allows a remote attacker to pass a specially crafted archive to the application, and consume all available system resources, causing a denial of service condition. * CVE-2022-31629: A vulner...

Ubuntu Security Notice USN-5818-1

Ubuntu Security Notice 5818-1 - It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code.

CVE-2023-21850: Oracle Critical Patch Update Advisory - January 2023

Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: E-Business Collections). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Demantra Demand Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

CVE-2023-0036: en/security-disclosure/2023/2023-01.md · OpenHarmony/security - Gitee.com

platform_callback_stub in misc subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack". Local attackers can bypass authentication and attack other SAs with high privilege.

Ubuntu Security Notice USN-5767-1

Ubuntu Security Notice 5767-1 - Nicky Mouha discovered that Python incorrectly handled certain SHA-3 internals. An attacker could possibly use this issue to cause a crash or execute arbitrary code. It was discovered that Python incorrectly handled certain IDNA inputs. An attacker could possibly use this issue to expose sensitive information, cause a denial of service, or cause a crash.

Gentoo Linux Security Advisory 202211-03

Gentoo Linux Security Advisory 202211-3 - Multiple vulnerabilities have been found in PHP, the worst of which could result in arbitrary code execution. Versions less than 7.4.33:7.4 are affected.

Debian Security Advisory 5277-1

Debian Linux Security Advisory 5277-1 - Multiple security issues were discovered in PHP, a widely-used open source general purpose scripting language, which could result in a denial of service, information disclosure, insecure cookie handling or potentially the execution of arbitrary code.

CVE-2022-31630: OOB read due to insufficient input validation in imageloadfont()

In PHP versions prior to 7.4.33, 8.0.25 and 8.2.12, when using the imageloadfont() function in the gd extension, it is possible to supply a specially crafted font file such that, if the loaded font is later used with the imagechar() function, a read outside the allocated buffer occurs. This can lead to crashes or disclosure of confidential information.

Ubuntu Security Notice USN-5717-1

Ubuntu Security Notice 5717-1 - It was discovered that PHP incorrectly handled certain gzip files. An attacker could possibly use this issue to cause a denial of service. It was discovered that PHP incorrectly handled certain cookies. An attacker could possibly use this issue to compromise the data. It was discovered that PHP incorrectly handled certain image fonts. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.10, and Ubuntu 22.04 LTS.

Debian Security Advisory 5269-1

Debian Linux Security Advisory 5269-1 - Nicky Mouha discovered a buffer overflow in the sha3 module of PyPy, a fast, compliant alternative implementation of the Python language.

Debian Security Advisory 5267-1

Debian Linux Security Advisory 5267-1 - Nicky Mouha discovered a buffer overflow in 'sha3', a Python library for the SHA-3 hashing functions.

CVE-2022-37454

The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.

CVE-2022-31629

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.

CVE-2022-31628

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop.
