RHSA-2023:0965: Red Hat Security Advisory: php security update
An update for php is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-31628: A vulnerability was found in PHP due to an infinite loop within the phar uncompressor code when processing “quines” gzip files. This vulnerability allows a remote attacker to pass a specially crafted archive to the application, and consume all available system resources, causing a denial of service condition.
- CVE-2022-31629: A vulnerability was found in PHP due to the way PHP handles HTTP variable names. It interferes with HTTP variable names that clash with ones that have a specific semantic meaning. This vulnerability allows network and same-site attackers to set a standard insecure cookie in the victim’s browser, which is treated as a `__Host-` or `__Secure-` cookie by PHP applications, posing a threat to data integrity.
- CVE-2022-31630: An out-of-bounds read flaw was found in PHP due to insufficient input validation in the imageloadfont() function. This flaw allows a remote attacker to pass specially crafted data to the web application, trigger an out-of-bounds read error, and read the contents of memory on the system.
- CVE-2022-31631: A flaw was found in PHP. This issue occurs due to an uncaught integer overflow in PDO::quote() of PDO_SQLite returning an improperly quoted string. With the implementation of sqlite3_snprintf(), it is possible to force the function to return a single apostrophe if the function is called on user-supplied input without any length restrictions in place.
- CVE-2022-37454: A flaw was found in the Keccak XKCP SHA-3 reference implementation. The sponge function interface allows partial input data to be processed, and partial output to be produced. When at least one of these has a length of 4294967096 bytes or more, it can result in elimination of cryptographic properties, execution of arbitrary code, or a denial of service.
Issued:
2023-02-28
Updated:
2023-02-28
RHSA-2023:0965 - Security Advisory
Synopsis
Moderate: php security update
Type/Severity
Security Advisory: Moderate
Description
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.
The following packages have been upgraded to a later upstream version: php (8.0.27). (BZ#2161667)
Security Fix(es):
- XKCP: buffer overflow in the SHA-3 reference implementation (CVE-2022-37454)
- php: standard insecure cookie could be treated as a `__Host-` or `__Secure-` cookie by PHP applications (CVE-2022-31629)
- php: OOB read due to insufficient input validation in imageloadfont() (CVE-2022-31630)
- php: Due to an integer overflow PDO::quote() may return unquoted string (CVE-2022-31631)
- php: phar wrapper can occur dos when using quine gzip file (CVE-2022-31628)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
Fixes
- BZ - 2133687 - CVE-2022-31629 php: standard insecure cookie could be treated as a '__Host-' or '__Secure-' cookie by PHP applications
- BZ - 2133688 - CVE-2022-31628 php: phar: infinite loop when decompressing quine gzip file
- BZ - 2139280 - CVE-2022-31630 php: OOB read due to insufficient input validation in imageloadfont()
- BZ - 2140200 - CVE-2022-37454 XKCP: buffer overflow in the SHA-3 reference implementation
- BZ - 2158791 - CVE-2022-31631 php: PDO::quote() may return unquoted string due to an integer overflow
CVEs
- CVE-2022-31628
- CVE-2022-31629
- CVE-2022-31630
- CVE-2022-31631
- CVE-2022-37454
Contact details for the Red Hat security team are at https://access.redhat.com/security/team/contact/.
Related news
Gentoo Linux Security Advisory 202408-32 - Multiple vulnerabilities have been discovered in PHP, the worst of which can lead to a denial of service. Versions greater than or equal to 8.1.29:8.1 are affected.
Ubuntu Security Notice 6525-1 - Nicky Mouha discovered that pysha incorrectly handled certain SHA-3 operations. An attacker could possibly use this issue to cause pysha3 to crash, resulting in a denial of service, or possibly execute arbitrary code.
Vulnerability in the Sun ZFS Storage Appliance product of Oracle Systems (component: Core). The supported version that is affected is 8.8.60. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).
Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed. (The data typically includes credentials for additional systems.) The attacker must wait for an admin to run the "chef-server-ctl reconfigure" command.
Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.
Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...
Ubuntu Security Notice 5931-1 - It was discovered that Python incorrectly handled certain inputs. If a user or an automated system were tricked into running a specially crafted input, a remote attacker could possibly use this issue to execute arbitrary code.
Ubuntu Security Notice 5930-1 - It was discovered that Python incorrectly handled certain inputs. If a user or an automated system were tricked into running a specially crafted input, a remote attacker could possibly use this issue to execute arbitrary code.
Ubuntu Security Notice 5905-1 - It was discovered that PHP incorrectly handled certain gzip files. An attacker could possibly use this issue to cause a denial of service. It was discovered that PHP incorrectly handled certain cookies. An attacker could possibly use this issue to compromise data integrity. It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code.
Ubuntu Security Notice 5888-1 - It was discovered that Python incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. Hamza Avvan discovered that Python incorrectly handled certain inputs. If a user or an automated system were tricked into running a specially crafted input, a remote attacker could possibly use this issue to execute arbitrary code.
Debian Linux Security Advisory 5363-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in denial of service or incorrect validation of BCrypt hashes.
Red Hat Security Advisory 2023-0848-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer overflow and integer overflow vulnerabilities.
An update for the php:8.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-31628: A vulnerability was found in PHP due to an infinite loop within the phar uncompressor code when processing "quines" gzip files. This vulnerability allows a remote attacker to pass a specially crafted archive to the application, and consume all available system resources, causing a denial of service condition. * CVE-2022-31629: A vulner...
Ubuntu Security Notice 5818-1 - It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code.
Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: E-Business Collections). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Demantra Demand Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
Ubuntu Security Notice 5767-1 - Nicky Mouha discovered that Python incorrectly handled certain SHA-3 internals. An attacker could possibly use this issue to cause a crash or execute arbitrary code. It was discovered that Python incorrectly handled certain IDNA inputs. An attacker could possibly use this issue to expose sensitive information, cause a denial of service, or cause a crash.
Gentoo Linux Security Advisory 202211-3 - Multiple vulnerabilities have been found in PHP, the worst of which could result in arbitrary code execution. Versions less than 7.4.33:7.4 are affected.
Debian Linux Security Advisory 5277-1 - Multiple security issues were discovered in PHP, a widely-used open source general purpose scripting language, which could result in denial of service, information disclosure, insecure cookie handling or potentially the execution of arbitrary code.
In PHP versions prior to 7.4.33, 8.0.25 and 8.2.12, when using the imageloadfont() function in the gd extension, it is possible to supply a specially crafted font file such that, if the loaded font is used with the imagechar() function, a read outside the allocated buffer occurs. This can lead to crashes or disclosure of confidential information.
Ubuntu Security Notice 5717-1 - It was discovered that PHP incorrectly handled certain gzip files. An attacker could possibly use this issue to cause a denial of service. It was discovered that PHP incorrectly handled certain cookies. An attacker could possibly use this issue to compromise the data. It was discovered that PHP incorrectly handled certain image fonts. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.10, and Ubuntu 22.04 LTS.
Debian Linux Security Advisory 5269-1 - Nicky Mouha discovered a buffer overflow in the sha3 module of PyPy, a fast, compliant alternative implementation of the Python language.
Debian Linux Security Advisory 5267-1 - Nicky Mouha discovered a buffer overflow in 'sha3', a Python library for the SHA-3 hashing functions.
The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop.