RHSA-2023:0965MediumCVSS 8.1
Red Hat Security Advisory: php security update
🔗 CVE IDs covered (5)
📋 Description
CVE-2022-31628 — php: phar: infinite loop when decompressing quine gzip file CVE-2022-31629 — php: standard insecure cookie could be treated as a '__Host-' or '__Secure-' cookie by PHP applications CVE-2022-31630 — php: OOB read due to insufficient input validation in imageloadfont() CVE-2022-31631 — php: PDO:: quote() may return unquoted string due to an integer overflow CVE-2022-37454 — XKCP: buffer overflow in the SHA-3 reference implementation
🔗 References (8)
- selfhttps://access.redhat.com/errata/RHSA-2023:0965
- externalhttps://access.redhat.com/security/updates/classification/#moderate
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2133687
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2133688
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2139280
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2140200
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2158791
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0965.json