ALSA-2023:0965

Source
https://errata.almalinux.org/9/ALSA-2023-0965.html
Import Source
https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2023:0965.json
JSON Data
https://api.osv.dev/v1/vulns/ALSA-2023:0965
Related
Published
2023-02-28T00:00:00Z
Modified
2023-02-28T18:26:14Z
Summary
Moderate: php security update
Details

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

The following packages have been upgraded to a later upstream version: php (8.0.27). (BZ#2161667)

Security Fix(es):

  • XKCP: buffer overflow in the SHA-3 reference implementation (CVE-2022-37454)
  • php: standard insecure cookie could be treated as a __Host- or __Secure- cookie by PHP applications (CVE-2022-31629)
  • php: OOB read due to insufficient input validation in imageloadfont() (CVE-2022-31630)
  • php: Due to an integer overflow PDO::quote() may return unquoted string (CVE-2022-31631)
  • php: phar wrapper can occur dos when using quine gzip file (CVE-2022-31628)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

Affected packages

AlmaLinux:9 / php

Package

Name
php

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.0.27-1.el9_1

AlmaLinux:9 / php-bcmath

Package

Name
php-bcmath

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.0.27-1.el9_1

AlmaLinux:9 / php-cli

Package

Name
php-cli

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.0.27-1.el9_1

AlmaLinux:9 / php-common

Package

Name
php-common

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.0.27-1.el9_1

AlmaLinux:9 / php-dba

Package

Name
php-dba

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.0.27-1.el9_1

AlmaLinux:9 / php-dbg

Package

Name
php-dbg

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.0.27-1.el9_1

AlmaLinux:9 / php-devel

Package

Name
php-devel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.0.27-1.el9_1

AlmaLinux:9 / php-embedded

Package

Name
php-embedded

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.0.27-1.el9_1

AlmaLinux:9 / php-enchant

Package

Name
php-enchant

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.0.27-1.el9_1

AlmaLinux:9 / php-ffi

Package

Name
php-ffi

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.0.27-1.el9_1

AlmaLinux:9 / php-fpm

Package

Name
php-fpm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.0.27-1.el9_1

AlmaLinux:9 / php-gd

Package

Name
php-gd

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.0.27-1.el9_1

AlmaLinux:9 / php-gmp

Package

Name
php-gmp

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.0.27-1.el9_1

AlmaLinux:9 / php-intl

Package

Name
php-intl

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.0.27-1.el9_1

AlmaLinux:9 / php-ldap

Package

Name
php-ldap

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.0.27-1.el9_1

AlmaLinux:9 / php-mbstring

Package

Name
php-mbstring

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.0.27-1.el9_1

AlmaLinux:9 / php-mysqlnd

Package

Name
php-mysqlnd

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.0.27-1.el9_1

AlmaLinux:9 / php-odbc

Package

Name
php-odbc

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.0.27-1.el9_1

AlmaLinux:9 / php-opcache

Package

Name
php-opcache

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.0.27-1.el9_1

AlmaLinux:9 / php-pdo

Package

Name
php-pdo

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.0.27-1.el9_1

AlmaLinux:9 / php-pgsql

Package

Name
php-pgsql

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.0.27-1.el9_1

AlmaLinux:9 / php-process

Package

Name
php-process

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.0.27-1.el9_1

AlmaLinux:9 / php-snmp

Package

Name
php-snmp

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.0.27-1.el9_1

AlmaLinux:9 / php-soap

Package

Name
php-soap

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.0.27-1.el9_1

AlmaLinux:9 / php-xml

Package

Name
php-xml

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.0.27-1.el9_1