RHSA-2023:2903MediumCVSS 8.1
Red Hat Security Advisory: php:7.4 security update
🔗 CVE IDs covered (6)
📋 Description
CVE-2017-8923 — php: Overflowing the length of string causes crash CVE-2022-31628 — php: phar: infinite loop when decompressing quine gzip file CVE-2022-31629 — php: standard insecure cookie could be treated as a '__Host-' or '__Secure-' cookie by PHP applications CVE-2022-31630 — php: OOB read due to insufficient input validation in imageloadfont() CVE-2022-31631 — php: PDO:: quote() may return unquoted string due to an integer overflow CVE-2022-37454 — XKCP: buffer overflow in the SHA-3 reference implementation
🔗 References (9)
- selfhttps://access.redhat.com/errata/RHSA-2023:2903
- externalhttps://access.redhat.com/security/updates/classification/#moderate
- externalhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2133687
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2133688
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2139280
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2140200
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2158791
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_2903.json