RLSA-2022:6542

Опубликовано: 15 сент. 2022

Источник: rocky

Оценка: Moderate

Описание

Moderate: php:7.4 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

Security Fix(es):

Archive_Tar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked (CVE-2020-28948)
Archive_Tar: improper filename sanitization leads to file overwrites (CVE-2020-28949)
Archive_Tar: directory traversal due to inadequate checking of symbolic links (CVE-2020-36193)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

Rocky Linux 8

Наименование	Архитектура	Релиз	RPM
apcu-panel	noarch	1.module+el8.6.0+789+2130c178	apcu-panel-5.1.18-1.module+el8.6.0+789+2130c178.noarch.rpm
libzip	x86_64	1.module+el8.6.0+789+2130c178	libzip-1.6.1-1.module+el8.6.0+789+2130c178.x86_64.rpm
libzip-devel	x86_64	1.module+el8.6.0+789+2130c178	libzip-devel-1.6.1-1.module+el8.6.0+789+2130c178.x86_64.rpm
libzip-tools	x86_64	1.module+el8.6.0+789+2130c178	libzip-tools-1.6.1-1.module+el8.6.0+789+2130c178.x86_64.rpm
php-pear	noarch	1.module+el8.7.0+1067+0a7071cc	php-pear-1.10.13-1.module+el8.7.0+1067+0a7071cc.noarch.rpm
php-pecl-apcu	x86_64	1.module+el8.6.0+789+2130c178	php-pecl-apcu-5.1.18-1.module+el8.6.0+789+2130c178.x86_64.rpm
php-pecl-apcu-devel	x86_64	1.module+el8.6.0+789+2130c178	php-pecl-apcu-devel-5.1.18-1.module+el8.6.0+789+2130c178.x86_64.rpm
php-pecl-rrd	x86_64	1.module+el8.4.0+414+2e7afcdd	php-pecl-rrd-2.0.1-1.module+el8.4.0+414+2e7afcdd.x86_64.rpm
php-pecl-xdebug	x86_64	1.module+el8.4.0+415+e936cba3	php-pecl-xdebug-2.9.5-1.module+el8.4.0+415+e936cba3.x86_64.rpm
php-pecl-zip	x86_64	1.module+el8.6.0+789+2130c178	php-pecl-zip-1.18.2-1.module+el8.6.0+789+2130c178.x86_64.rpm