RLSA-2024:0387

Security

Mirrored from RHSA-2024:0387

Issued at: 2024-02-12

Updated at: 2024-02-12

Synopsis

Moderate: php:8.1 security update

Description

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

Security Fix(es):

* php: 1-byte array overrun in common path resolve code (CVE-2023-0568)

* php: DoS vulnerability when parsing multipart request body (CVE-2023-0662)

* php: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP (CVE-2023-3247)

* php: XML loading external entity without being enabled (CVE-2023-3823)

* php: phar Buffer mismanagement (CVE-2023-3824)

* php: Password_verify() always return true with some hash (CVE-2023-0567)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected products

Rocky Linux 9 aarch64

Rocky Linux 9 ppc64le

Rocky Linux 9 s390x

Rocky Linux 9 x86_64

Fixes

2170761

2170770

2170771

2219290

2229396

2230101

CVEs

CVE-2023-0567

CVE-2023-0568

CVE-2023-0662

CVE-2023-3247

CVE-2023-3823

CVE-2023-3824

Affected packages

Rocky Linux 9 x86_64 - AppStream

apcu-panel-0:5.1.21-1.module+el9.2.0+15232+36037ab0.noarch.rpm

php-pecl-apcu-0:5.1.21-1.module+el9.2.0+15232+36037ab0.src.rpm

php-pecl-apcu-0:5.1.21-1.module+el9.2.0+15232+36037ab0.x86_64.rpm

php-pecl-apcu-debuginfo-0:5.1.21-1.module+el9.2.0+15232+36037ab0.x86_64.rpm

php-pecl-apcu-debugsource-0:5.1.21-1.module+el9.2.0+15232+36037ab0.x86_64.rpm

php-pecl-apcu-devel-0:5.1.21-1.module+el9.2.0+15232+36037ab0.x86_64.rpm

php-pecl-rrd-0:2.0.3-4.module+el9.2.0+15232+36037ab0.src.rpm

php-pecl-rrd-0:2.0.3-4.module+el9.2.0+15232+36037ab0.x86_64.rpm

php-pecl-rrd-debuginfo-0:2.0.3-4.module+el9.2.0+15232+36037ab0.x86_64.rpm

php-pecl-rrd-debugsource-0:2.0.3-4.module+el9.2.0+15232+36037ab0.x86_64.rpm

php-pecl-xdebug3-0:3.1.4-1.module+el9.2.0+15232+36037ab0.src.rpm

php-pecl-xdebug3-0:3.1.4-1.module+el9.2.0+15232+36037ab0.x86_64.rpm

php-pecl-xdebug3-debuginfo-0:3.1.4-1.module+el9.2.0+15232+36037ab0.x86_64.rpm

php-pecl-xdebug3-debugsource-0:3.1.4-1.module+el9.2.0+15232+36037ab0.x86_64.rpm

php-pecl-zip-0:1.20.1-1.module+el9.2.0+15232+36037ab0.src.rpm

php-pecl-zip-0:1.20.1-1.module+el9.2.0+15232+36037ab0.x86_64.rpm

php-pecl-zip-debuginfo-0:1.20.1-1.module+el9.2.0+15232+36037ab0.x86_64.rpm

php-pecl-zip-debugsource-0:1.20.1-1.module+el9.2.0+15232+36037ab0.x86_64.rpm

Rocky Linux 9 aarch64 - AppStream

apcu-panel-0:5.1.21-1.module+el9.2.0+15232+36037ab0.noarch.rpm

php-pecl-apcu-0:5.1.21-1.module+el9.2.0+15232+36037ab0.aarch64.rpm

php-pecl-apcu-0:5.1.21-1.module+el9.2.0+15232+36037ab0.src.rpm

php-pecl-apcu-debuginfo-0:5.1.21-1.module+el9.2.0+15232+36037ab0.aarch64.rpm

php-pecl-apcu-debugsource-0:5.1.21-1.module+el9.2.0+15232+36037ab0.aarch64.rpm

php-pecl-apcu-devel-0:5.1.21-1.module+el9.2.0+15232+36037ab0.aarch64.rpm

php-pecl-rrd-0:2.0.3-4.module+el9.2.0+15232+36037ab0.aarch64.rpm

php-pecl-rrd-0:2.0.3-4.module+el9.2.0+15232+36037ab0.src.rpm

php-pecl-rrd-debuginfo-0:2.0.3-4.module+el9.2.0+15232+36037ab0.aarch64.rpm

php-pecl-rrd-debugsource-0:2.0.3-4.module+el9.2.0+15232+36037ab0.aarch64.rpm

php-pecl-xdebug3-0:3.1.4-1.module+el9.2.0+15232+36037ab0.aarch64.rpm

php-pecl-xdebug3-0:3.1.4-1.module+el9.2.0+15232+36037ab0.src.rpm

php-pecl-xdebug3-debuginfo-0:3.1.4-1.module+el9.2.0+15232+36037ab0.aarch64.rpm

php-pecl-xdebug3-debugsource-0:3.1.4-1.module+el9.2.0+15232+36037ab0.aarch64.rpm

php-pecl-zip-0:1.20.1-1.module+el9.2.0+15232+36037ab0.aarch64.rpm

php-pecl-zip-0:1.20.1-1.module+el9.2.0+15232+36037ab0.src.rpm

php-pecl-zip-debuginfo-0:1.20.1-1.module+el9.2.0+15232+36037ab0.aarch64.rpm

php-pecl-zip-debugsource-0:1.20.1-1.module+el9.2.0+15232+36037ab0.aarch64.rpm

Rocky Linux 9 s390x - AppStream

apcu-panel-0:5.1.21-1.module+el9.2.0+15232+36037ab0.noarch.rpm

php-pecl-apcu-0:5.1.21-1.module+el9.2.0+15232+36037ab0.s390x.rpm

php-pecl-apcu-0:5.1.21-1.module+el9.2.0+15232+36037ab0.src.rpm

php-pecl-apcu-debuginfo-0:5.1.21-1.module+el9.2.0+15232+36037ab0.s390x.rpm

php-pecl-apcu-debugsource-0:5.1.21-1.module+el9.2.0+15232+36037ab0.s390x.rpm

php-pecl-apcu-devel-0:5.1.21-1.module+el9.2.0+15232+36037ab0.s390x.rpm

php-pecl-rrd-0:2.0.3-4.module+el9.2.0+15232+36037ab0.s390x.rpm

php-pecl-rrd-0:2.0.3-4.module+el9.2.0+15232+36037ab0.src.rpm

php-pecl-rrd-debuginfo-0:2.0.3-4.module+el9.2.0+15232+36037ab0.s390x.rpm

php-pecl-rrd-debugsource-0:2.0.3-4.module+el9.2.0+15232+36037ab0.s390x.rpm

php-pecl-xdebug3-0:3.1.4-1.module+el9.2.0+15232+36037ab0.s390x.rpm

php-pecl-xdebug3-0:3.1.4-1.module+el9.2.0+15232+36037ab0.src.rpm

php-pecl-xdebug3-debuginfo-0:3.1.4-1.module+el9.2.0+15232+36037ab0.s390x.rpm

php-pecl-xdebug3-debugsource-0:3.1.4-1.module+el9.2.0+15232+36037ab0.s390x.rpm

php-pecl-zip-0:1.20.1-1.module+el9.2.0+15232+36037ab0.s390x.rpm

php-pecl-zip-0:1.20.1-1.module+el9.2.0+15232+36037ab0.src.rpm

php-pecl-zip-debuginfo-0:1.20.1-1.module+el9.2.0+15232+36037ab0.s390x.rpm

php-pecl-zip-debugsource-0:1.20.1-1.module+el9.2.0+15232+36037ab0.s390x.rpm

Rocky Linux 9 ppc64le - AppStream

apcu-panel-0:5.1.21-1.module+el9.2.0+15232+36037ab0.noarch.rpm

php-pecl-apcu-0:5.1.21-1.module+el9.2.0+15232+36037ab0.ppc64le.rpm

php-pecl-apcu-0:5.1.21-1.module+el9.2.0+15232+36037ab0.src.rpm

php-pecl-apcu-debuginfo-0:5.1.21-1.module+el9.2.0+15232+36037ab0.ppc64le.rpm

php-pecl-apcu-debugsource-0:5.1.21-1.module+el9.2.0+15232+36037ab0.ppc64le.rpm

php-pecl-apcu-devel-0:5.1.21-1.module+el9.2.0+15232+36037ab0.ppc64le.rpm

php-pecl-rrd-0:2.0.3-4.module+el9.2.0+15232+36037ab0.ppc64le.rpm

php-pecl-rrd-0:2.0.3-4.module+el9.2.0+15232+36037ab0.src.rpm

php-pecl-rrd-debuginfo-0:2.0.3-4.module+el9.2.0+15232+36037ab0.ppc64le.rpm

php-pecl-rrd-debugsource-0:2.0.3-4.module+el9.2.0+15232+36037ab0.ppc64le.rpm

php-pecl-xdebug3-0:3.1.4-1.module+el9.2.0+15232+36037ab0.ppc64le.rpm

php-pecl-xdebug3-0:3.1.4-1.module+el9.2.0+15232+36037ab0.src.rpm

php-pecl-xdebug3-debuginfo-0:3.1.4-1.module+el9.2.0+15232+36037ab0.ppc64le.rpm

php-pecl-xdebug3-debugsource-0:3.1.4-1.module+el9.2.0+15232+36037ab0.ppc64le.rpm

php-pecl-zip-0:1.20.1-1.module+el9.2.0+15232+36037ab0.ppc64le.rpm

php-pecl-zip-0:1.20.1-1.module+el9.2.0+15232+36037ab0.src.rpm

php-pecl-zip-debuginfo-0:1.20.1-1.module+el9.2.0+15232+36037ab0.ppc64le.rpm

php-pecl-zip-debugsource-0:1.20.1-1.module+el9.2.0+15232+36037ab0.ppc64le.rpm