exploitDog

RLSA-2023:5927

Опубликовано: 24 окт. 2023

Источник: rocky

Оценка: Important

Описание

Important: php:8.0 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

Security Fix(es):

php: XML loading external entity without being enabled (CVE-2023-3823)
php: phar Buffer mismanagement (CVE-2023-3824)
php: 1-byte array overrun in common path resolve code (CVE-2023-0568)
php: DoS vulnerability when parsing multipart request body (CVE-2023-0662)
php: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP (CVE-2023-3247)
php: Password_verify() always return true with some hash (CVE-2023-0567)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

Rocky Linux 8

Связанные CVE

Ссылки на источники

Исправления

https://bugzilla.redhat.com/show_bug.cgi?id=2170761
Red Hat - 2170761
https://bugzilla.redhat.com/show_bug.cgi?id=2170770
Red Hat - 2170770
https://bugzilla.redhat.com/show_bug.cgi?id=2170771
Red Hat - 2170771
https://bugzilla.redhat.com/show_bug.cgi?id=2219290
Red Hat - 2219290
https://bugzilla.redhat.com/show_bug.cgi?id=2229396
Red Hat - 2229396
https://bugzilla.redhat.com/show_bug.cgi?id=2230101
Red Hat - 2230101

Связанные уязвимости

RLSA-2024:0387

rocky

почти 2 года назад

Moderate: php:8.1 security update

RLSA-2023:5926

rocky

больше 2 лет назад

Important: php security update

ELSA-2024-0387

oracle-oval

около 2 лет назад

ELSA-2024-0387: php:8.1 security update (MODERATE)

ELSA-2023-5927

oracle-oval

больше 2 лет назад

ELSA-2023-5927: php:8.0 security update (IMPORTANT)

ELSA-2023-5926

oracle-oval

больше 2 лет назад

ELSA-2023-5926: php security update (IMPORTANT)