ALSA-2024:0387

See a problem?
Please try reporting it to the source first.
Source
https://errata.almalinux.org/9/ALSA-2024-0387.html
Import Source
https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2024:0387.json
JSON Data
https://api.osv.dev/v1/vulns/ALSA-2024:0387
Related
Published
2024-01-24T00:00:00Z
Modified
2024-01-25T22:02:03Z
Summary
Moderate: php:8.1 security update
Details

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

Security Fix(es):

  • php: 1-byte array overrun in common path resolve code (CVE-2023-0568)
  • php: DoS vulnerability when parsing multipart request body (CVE-2023-0662)
  • php: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP (CVE-2023-3247)
  • php: XML loading external entity without being enabled (CVE-2023-3823)
  • php: phar Buffer mismanagement (CVE-2023-3824)
  • php: Password_verify() always return true with some hash (CVE-2023-0567)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

Affected packages

AlmaLinux:9 / apcu-panel

Package

Name
apcu-panel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.1.21-1.module_el9.1.0+15+94ba28e4

AlmaLinux:9 / php

Package

Name
php

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.1.27-1.module_el9.3.0+53+44872dd1

AlmaLinux:9 / php-bcmath

Package

Name
php-bcmath

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.1.27-1.module_el9.3.0+53+44872dd1

AlmaLinux:9 / php-cli

Package

Name
php-cli

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.1.27-1.module_el9.3.0+53+44872dd1

AlmaLinux:9 / php-common

Package

Name
php-common

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.1.27-1.module_el9.3.0+53+44872dd1

AlmaLinux:9 / php-dba

Package

Name
php-dba

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.1.27-1.module_el9.3.0+53+44872dd1

AlmaLinux:9 / php-dbg

Package

Name
php-dbg

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.1.27-1.module_el9.3.0+53+44872dd1

AlmaLinux:9 / php-devel

Package

Name
php-devel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.1.27-1.module_el9.3.0+53+44872dd1

AlmaLinux:9 / php-embedded

Package

Name
php-embedded

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.1.27-1.module_el9.3.0+53+44872dd1

AlmaLinux:9 / php-enchant

Package

Name
php-enchant

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.1.27-1.module_el9.3.0+53+44872dd1

AlmaLinux:9 / php-ffi

Package

Name
php-ffi

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.1.27-1.module_el9.3.0+53+44872dd1

AlmaLinux:9 / php-fpm

Package

Name
php-fpm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.1.27-1.module_el9.3.0+53+44872dd1

AlmaLinux:9 / php-gd

Package

Name
php-gd

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.1.27-1.module_el9.3.0+53+44872dd1

AlmaLinux:9 / php-gmp

Package

Name
php-gmp

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.1.27-1.module_el9.3.0+53+44872dd1

AlmaLinux:9 / php-intl

Package

Name
php-intl

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.1.27-1.module_el9.3.0+53+44872dd1

AlmaLinux:9 / php-ldap

Package

Name
php-ldap

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.1.27-1.module_el9.3.0+53+44872dd1

AlmaLinux:9 / php-mbstring

Package

Name
php-mbstring

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.1.27-1.module_el9.3.0+53+44872dd1

AlmaLinux:9 / php-mysqlnd

Package

Name
php-mysqlnd

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.1.27-1.module_el9.3.0+53+44872dd1

AlmaLinux:9 / php-odbc

Package

Name
php-odbc

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.1.27-1.module_el9.3.0+53+44872dd1

AlmaLinux:9 / php-opcache

Package

Name
php-opcache

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.1.27-1.module_el9.3.0+53+44872dd1

AlmaLinux:9 / php-pdo

Package

Name
php-pdo

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.1.27-1.module_el9.3.0+53+44872dd1

AlmaLinux:9 / php-pecl-apcu

Package

Name
php-pecl-apcu

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.1.21-1.module_el9.1.0+15+94ba28e4

AlmaLinux:9 / php-pecl-apcu-devel

Package

Name
php-pecl-apcu-devel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.1.21-1.module_el9.1.0+15+94ba28e4

AlmaLinux:9 / php-pecl-rrd

Package

Name
php-pecl-rrd

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0.3-4.module_el9.1.0+15+94ba28e4

AlmaLinux:9 / php-pecl-xdebug3

Package

Name
php-pecl-xdebug3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.1.4-1.module_el9.1.0+15+94ba28e4

AlmaLinux:9 / php-pecl-zip

Package

Name
php-pecl-zip

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.20.1-1.module_el9.1.0+15+94ba28e4

AlmaLinux:9 / php-pgsql

Package

Name
php-pgsql

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.1.27-1.module_el9.3.0+53+44872dd1

AlmaLinux:9 / php-process

Package

Name
php-process

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.1.27-1.module_el9.3.0+53+44872dd1

AlmaLinux:9 / php-snmp

Package

Name
php-snmp

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.1.27-1.module_el9.3.0+53+44872dd1

AlmaLinux:9 / php-soap

Package

Name
php-soap

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.1.27-1.module_el9.3.0+53+44872dd1

AlmaLinux:9 / php-xml

Package

Name
php-xml

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.1.27-1.module_el9.3.0+53+44872dd1