RLSA-2024:10951

Опубликовано: 19 дек. 2024

Источник: rocky

Оценка: Moderate

Описание

Moderate: php:8.2 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

Security Fix(es):

php: host/secure cookie bypass due to partial CVE-2022-31629 fix (CVE-2024-2756)
php: password_verify can erroneously return true, opening ATO risk (CVE-2024-3096)
php: Filter bypass in filter_var (FILTER_VALIDATE_URL) (CVE-2024-5458)
php: Erroneous parsing of multipart form data (CVE-2024-8925)
php: cgi.force_redirect configuration is bypassable due to the environment variable collision (CVE-2024-8927)
php: PHP-FPM Log Manipulation Vulnerability (CVE-2024-9026)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

Rocky Linux 8

Наименование	Архитектура	Релиз	RPM
apcu-panel	noarch	1.module+el8.10.0+1596+477f03f8	apcu-panel-5.1.23-1.module+el8.10.0+1596+477f03f8.noarch.rpm
apcu-panel	noarch	1.module+el8.10.0+1596+477f03f8	apcu-panel-5.1.23-1.module+el8.10.0+1596+477f03f8.noarch.rpm
libzip	x86_64	1.module+el8.10.0+1596+477f03f8	libzip-1.7.3-1.module+el8.10.0+1596+477f03f8.x86_64.rpm
libzip-devel	x86_64	1.module+el8.10.0+1596+477f03f8	libzip-devel-1.7.3-1.module+el8.10.0+1596+477f03f8.x86_64.rpm
libzip-tools	x86_64	1.module+el8.10.0+1596+477f03f8	libzip-tools-1.7.3-1.module+el8.10.0+1596+477f03f8.x86_64.rpm
php	x86_64	1.module+el8.10.0+1911+f499711e	php-8.2.25-1.module+el8.10.0+1911+f499711e.x86_64.rpm
php-bcmath	x86_64	1.module+el8.10.0+1911+f499711e	php-bcmath-8.2.25-1.module+el8.10.0+1911+f499711e.x86_64.rpm
php-cli	x86_64	1.module+el8.10.0+1911+f499711e	php-cli-8.2.25-1.module+el8.10.0+1911+f499711e.x86_64.rpm
php-common	x86_64	1.module+el8.10.0+1911+f499711e	php-common-8.2.25-1.module+el8.10.0+1911+f499711e.x86_64.rpm
php-dba	x86_64	1.module+el8.10.0+1911+f499711e	php-dba-8.2.25-1.module+el8.10.0+1911+f499711e.x86_64.rpm