Описание
Moderate: php security, bug fix, and enhancement update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.
The following packages have been upgraded to a later upstream version: php (8.0.20). (BZ#2095752)
Security Fix(es):
-
php: Use after free due to php_filter_float() failing for ints (CVE-2021-21708)
-
php: Uninitialized array in pg_query_params() leading to RCE (CVE-2022-31625)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 9.1 Release Notes linked from the References section.
Затронутые продукты
Rocky Linux 9
Связанные CVE
Исправления
- Red Hat - 2055879
- Red Hat - 2095447
- Red Hat - 2095752
- Red Hat - 2098521
- Red Hat - 2104630
Связанные уязвимости
ELSA-2022-8197: php security, bug fix, and enhancement update (MODERATE)
ELSA-2022-7624: php:8.0 security, bug fix, and enhancement update (MODERATE)
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service.