RLSA-2023:5927

Synopsis

Important: php:8.0 security update

Description

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

Security Fix(es):

* php: XML loading external entity without being enabled (CVE-2023-3823)

* php: phar Buffer mismanagement (CVE-2023-3824)

* php: 1-byte array overrun in common path resolve code (CVE-2023-0568)

* php: DoS vulnerability when parsing multipart request body (CVE-2023-0662)

* php: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP (CVE-2023-3247)

* php: Password_verify() always return true with some hash (CVE-2023-0567)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected products

Rocky Linux 8 x86_64

Fixes

2170761 2170770 2170771 2219290 2229396 2230101

CVEs

CVE-2023-0567 CVE-2023-0568 CVE-2023-0662 CVE-2023-3247 CVE-2023-3823 CVE-2023-3824

Affected packages

Rocky Linux 8 x86_64 - AppStream

apcu-panel-0:5.1.20-1.module+el8.6.0+790+fc63e43f.noarch.rpm libzip-0:1.7.3-1.module+el8.6.0+790+fc63e43f.src.rpm libzip-0:1.7.3-1.module+el8.6.0+790+fc63e43f.x86_64.rpm libzip-debuginfo-0:1.7.3-1.module+el8.6.0+790+fc63e43f.x86_64.rpm libzip-debugsource-0:1.7.3-1.module+el8.6.0+790+fc63e43f.x86_64.rpm libzip-devel-0:1.7.3-1.module+el8.6.0+790+fc63e43f.x86_64.rpm libzip-tools-0:1.7.3-1.module+el8.6.0+790+fc63e43f.x86_64.rpm libzip-tools-debuginfo-0:1.7.3-1.module+el8.6.0+790+fc63e43f.x86_64.rpm php-0:8.0.30-1.module+el8.8.0+1550+d8f1b18f.src.rpm php-0:8.0.30-1.module+el8.8.0+1550+d8f1b18f.x86_64.rpm php-bcmath-0:8.0.30-1.module+el8.8.0+1550+d8f1b18f.x86_64.rpm php-bcmath-debuginfo-0:8.0.30-1.module+el8.8.0+1550+d8f1b18f.x86_64.rpm php-cli-0:8.0.30-1.module+el8.8.0+1550+d8f1b18f.x86_64.rpm php-cli-debuginfo-0:8.0.30-1.module+el8.8.0+1550+d8f1b18f.x86_64.rpm php-common-0:8.0.30-1.module+el8.8.0+1550+d8f1b18f.x86_64.rpm php-common-debuginfo-0:8.0.30-1.module+el8.8.0+1550+d8f1b18f.x86_64.rpm php-dba-0:8.0.30-1.module+el8.8.0+1550+d8f1b18f.x86_64.rpm php-dba-debuginfo-0:8.0.30-1.module+el8.8.0+1550+d8f1b18f.x86_64.rpm php-dbg-0:8.0.30-1.module+el8.8.0+1550+d8f1b18f.x86_64.rpm php-dbg-debuginfo-0:8.0.30-1.module+el8.8.0+1550+d8f1b18f.x86_64.rpm php-debuginfo-0:8.0.30-1.module+el8.8.0+1550+d8f1b18f.x86_64.rpm php-debugsource-0:8.0.30-1.module+el8.8.0+1550+d8f1b18f.x86_64.rpm php-devel-0:8.0.30-1.module+el8.8.0+1550+d8f1b18f.x86_64.rpm php-embedded-0:8.0.30-1.module+el8.8.0+1550+d8f1b18f.x86_64.rpm php-embedded-debuginfo-0:8.0.30-1.module+el8.8.0+1550+d8f1b18f.x86_64.rpm php-enchant-0:8.0.30-1.module+el8.8.0+1550+d8f1b18f.x86_64.rpm php-enchant-debuginfo-0:8.0.30-1.module+el8.8.0+1550+d8f1b18f.x86_64.rpm php-ffi-0:8.0.30-1.module+el8.8.0+1550+d8f1b18f.x86_64.rpm php-ffi-debuginfo-0:8.0.30-1.module+el8.8.0+1550+d8f1b18f.x86_64.rpm php-fpm-0:8.0.30-1.module+el8.8.0+1550+d8f1b18f.x86_64.rpm php-fpm-debuginfo-0:8.0.30-1.module+el8.8.0+1550+d8f1b18f.x86_64.rpm php-gd-0:8.0.30-1.module+el8.8.0+1550+d8f1b18f.x86_64.rpm php-gd-debuginfo-0:8.0.30-1.module+el8.8.0+1550+d8f1b18f.x86_64.rpm php-gmp-0:8.0.30-1.module+el8.8.0+1550+d8f1b18f.x86_64.rpm php-gmp-debuginfo-0:8.0.30-1.module+el8.8.0+1550+d8f1b18f.x86_64.rpm php-intl-0:8.0.30-1.module+el8.8.0+1550+d8f1b18f.x86_64.rpm php-intl-debuginfo-0:8.0.30-1.module+el8.8.0+1550+d8f1b18f.x86_64.rpm php-ldap-0:8.0.30-1.module+el8.8.0+1550+d8f1b18f.x86_64.rpm php-ldap-debuginfo-0:8.0.30-1.module+el8.8.0+1550+d8f1b18f.x86_64.rpm php-mbstring-0:8.0.30-1.module+el8.8.0+1550+d8f1b18f.x86_64.rpm php-mbstring-debuginfo-0:8.0.30-1.module+el8.8.0+1550+d8f1b18f.x86_64.rpm php-mysqlnd-0:8.0.30-1.module+el8.8.0+1550+d8f1b18f.x86_64.rpm php-mysqlnd-debuginfo-0:8.0.30-1.module+el8.8.0+1550+d8f1b18f.x86_64.rpm php-odbc-0:8.0.30-1.module+el8.8.0+1550+d8f1b18f.x86_64.rpm php-odbc-debuginfo-0:8.0.30-1.module+el8.8.0+1550+d8f1b18f.x86_64.rpm php-opcache-0:8.0.30-1.module+el8.8.0+1550+d8f1b18f.x86_64.rpm php-opcache-debuginfo-0:8.0.30-1.module+el8.8.0+1550+d8f1b18f.x86_64.rpm php-pdo-0:8.0.30-1.module+el8.8.0+1550+d8f1b18f.x86_64.rpm php-pdo-debuginfo-0:8.0.30-1.module+el8.8.0+1550+d8f1b18f.x86_64.rpm php-pear-1:1.10.13-1.module+el8.7.0+1067+0a7071cc.noarch.rpm php-pear-1:1.10.13-1.module+el8.7.0+1067+0a7071cc.src.rpm php-pecl-apcu-0:5.1.20-1.module+el8.6.0+790+fc63e43f.src.rpm php-pecl-apcu-0:5.1.20-1.module+el8.6.0+790+fc63e43f.x86_64.rpm php-pecl-apcu-debuginfo-0:5.1.20-1.module+el8.6.0+790+fc63e43f.x86_64.rpm php-pecl-apcu-debugsource-0:5.1.20-1.module+el8.6.0+790+fc63e43f.x86_64.rpm php-pecl-apcu-devel-0:5.1.20-1.module+el8.6.0+790+fc63e43f.x86_64.rpm php-pecl-rrd-0:2.0.3-1.module+el8.6.0+790+fc63e43f.src.rpm php-pecl-rrd-0:2.0.3-1.module+el8.6.0+790+fc63e43f.x86_64.rpm php-pecl-rrd-debuginfo-0:2.0.3-1.module+el8.6.0+790+fc63e43f.x86_64.rpm php-pecl-rrd-debugsource-0:2.0.3-1.module+el8.6.0+790+fc63e43f.x86_64.rpm php-pecl-xdebug3-0:3.1.2-1.module+el8.6.0+790+fc63e43f.src.rpm php-pecl-xdebug3-0:3.1.2-1.module+el8.6.0+790+fc63e43f.x86_64.rpm php-pecl-xdebug3-debuginfo-0:3.1.2-1.module+el8.6.0+790+fc63e43f.x86_64.rpm php-pecl-xdebug3-debugsource-0:3.1.2-1.module+el8.6.0+790+fc63e43f.x86_64.rpm php-pecl-zip-0:1.19.2-1.module+el8.6.0+790+fc63e43f.src.rpm php-pecl-zip-0:1.19.2-1.module+el8.6.0+790+fc63e43f.x86_64.rpm php-pecl-zip-debuginfo-0:1.19.2-1.module+el8.6.0+790+fc63e43f.x86_64.rpm php-pecl-zip-debugsource-0:1.19.2-1.module+el8.6.0+790+fc63e43f.x86_64.rpm php-pgsql-0:8.0.30-1.module+el8.8.0+1550+d8f1b18f.x86_64.rpm php-pgsql-debuginfo-0:8.0.30-1.module+el8.8.0+1550+d8f1b18f.x86_64.rpm php-process-0:8.0.30-1.module+el8.8.0+1550+d8f1b18f.x86_64.rpm php-process-debuginfo-0:8.0.30-1.module+el8.8.0+1550+d8f1b18f.x86_64.rpm php-snmp-0:8.0.30-1.module+el8.8.0+1550+d8f1b18f.x86_64.rpm php-snmp-debuginfo-0:8.0.30-1.module+el8.8.0+1550+d8f1b18f.x86_64.rpm php-soap-0:8.0.30-1.module+el8.8.0+1550+d8f1b18f.x86_64.rpm php-soap-debuginfo-0:8.0.30-1.module+el8.8.0+1550+d8f1b18f.x86_64.rpm php-xml-0:8.0.30-1.module+el8.8.0+1550+d8f1b18f.x86_64.rpm php-xml-debuginfo-0:8.0.30-1.module+el8.8.0+1550+d8f1b18f.x86_64.rpm