RHSA-2023:5926HighCVSS 7.5
Red Hat Security Advisory: php security update
🔗 CVE IDs covered (6)
📋 Description
CVE-2023-0567 — php: Password_verify() always return true with some hash CVE-2023-0568 — php: 1-byte array overrun in common path resolve code CVE-2023-0662 — php: DoS vulnerability when parsing multipart request body CVE-2023-3247 — php: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP CVE-2023-3823 — php: XML loading external entity without being enabled CVE-2023-3824 — php: phar Buffer mismanagement
🔗 References (9)
- selfhttps://access.redhat.com/errata/RHSA-2023:5926
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2170761
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2170770
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2170771
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2219290
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2229396
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2230101
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5926.json