ELSA-2022-8197

Опубликовано: 22 нояб. 2022

Источник: oracle-oval

Платформа: Oracle Linux 9

Описание

ELSA-2022-8197: php security, bug fix, and enhancement update (MODERATE)

[8.0.20-3]

snmp3 calls using authPriv or authNoPriv immediately return false #2104630

[8.0.20-2]

fix patch41 not applied (use system nikic/php-parser when available)

[8.0.20-1]

rebase to 8.0.20 #2095752
clean unneeded dependency on useradd command #2095447
add upstream patch to initialize pcre before mbstring
retrieve tzdata version from /usr/share/zoneinfo/tzdata.zi

Обновленные пакеты

Oracle Linux 9

Oracle Linux aarch64

php

8.0.20-3.el9

php-bcmath

8.0.20-3.el9

php-cli

8.0.20-3.el9

php-common

8.0.20-3.el9

php-dba

8.0.20-3.el9

php-dbg

8.0.20-3.el9

php-devel

8.0.20-3.el9

php-embedded

8.0.20-3.el9

php-enchant

8.0.20-3.el9

php-ffi

8.0.20-3.el9

php-fpm

8.0.20-3.el9

php-gd

8.0.20-3.el9

php-gmp

8.0.20-3.el9

php-intl

8.0.20-3.el9

php-ldap

8.0.20-3.el9

php-mbstring

8.0.20-3.el9

php-mysqlnd

8.0.20-3.el9

php-odbc

8.0.20-3.el9

php-opcache

8.0.20-3.el9

php-pdo

8.0.20-3.el9

php-pgsql

8.0.20-3.el9

php-process

8.0.20-3.el9

php-snmp

8.0.20-3.el9

php-soap

8.0.20-3.el9

php-xml

8.0.20-3.el9

Oracle Linux x86_64

php

8.0.20-3.el9

php-bcmath

8.0.20-3.el9

php-cli

8.0.20-3.el9

php-common

8.0.20-3.el9

php-dba

8.0.20-3.el9

php-dbg

8.0.20-3.el9

php-devel

8.0.20-3.el9

php-embedded

8.0.20-3.el9

php-enchant

8.0.20-3.el9

php-ffi

8.0.20-3.el9

php-fpm

8.0.20-3.el9

php-gd

8.0.20-3.el9

php-gmp

8.0.20-3.el9

php-intl

8.0.20-3.el9

php-ldap

8.0.20-3.el9

php-mbstring

8.0.20-3.el9

php-mysqlnd

8.0.20-3.el9

php-odbc

8.0.20-3.el9

php-opcache

8.0.20-3.el9

php-pdo

8.0.20-3.el9

php-pgsql

8.0.20-3.el9

php-process

8.0.20-3.el9

php-snmp

8.0.20-3.el9

php-soap

8.0.20-3.el9

php-xml

8.0.20-3.el9

Связанные CVE

CVE-2022-31625

CVE-2021-21708

Ссылки на источники

Связанные уязвимости

RLSA-2022:8197

rocky

больше 2 лет назад

Moderate: php security, bug fix, and enhancement update

RLSA-2022:7624

rocky

больше 2 лет назад

Moderate: php:8.0 security, bug fix, and enhancement update

ELSA-2022-7624

oracle-oval

больше 2 лет назад

ELSA-2022-7624: php:8.0 security, bug fix, and enhancement update (MODERATE)

SUSE-SU-2022:3997-1

suse-cvrf

больше 2 лет назад

Security update for php7

CVE-2022-31625

CVSS3: 8.1

ubuntu

около 3 лет назад

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service.