Описание
Moderate: php:7.4 security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.
Security Fix(es):
-
php: 1-byte array overrun in common path resolve code (CVE-2023-0568)
-
php: Password_verify() always return true with some hash (CVE-2023-0567)
-
php: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP (CVE-2023-3247)
-
php: XML loading external entity without being enabled (CVE-2023-3823)
-
php: phar Buffer mismanagement (CVE-2023-3824)
-
php: host/secure cookie bypass due to partial CVE-2022-31629 fix (CVE-2024-2756)
-
php: password_verify can erroneously return true, opening ATO risk (CVE-2024-3096)
-
php: Filter bypass in filter_var (FILTER_VALIDATE_URL) (CVE-2024-5458)
-
php: Erroneous parsing of multipart form data (CVE-2024-8925)
-
php: cgi.force_redirect configuration is bypassable due to the environment variable collision (CVE-2024-8927)
-
php: PHP-FPM Log Manipulation Vulnerability (CVE-2024-9026)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Затронутые продукты
Rocky Linux 8
Ссылки на источники
Исправления
- Red Hat - 2170770
- Red Hat - 2170771
- Red Hat - 2219290
- Red Hat - 2229396
- Red Hat - 2230101
- Red Hat - 2275058
- Red Hat - 2275061
- Red Hat - 2291252
- Red Hat - 2317049
- Red Hat - 2317051
- Red Hat - 2317144
