Red Hat Security Advisory: php:7.4 security update
🔗 CVE IDs covered (11)
📋 Description
CVE-2023-0567 — php: Password_verify() always return true with some hash CVE-2023-0568 — php: 1-byte array overrun in common path resolve code CVE-2023-3247 — php: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP CVE-2023-3823 — php: XML loading external entity without being enabled CVE-2023-3824 — php: phar Buffer mismanagement CVE-2024-2756 — php: host/secure cookie bypass due to partial CVE-2022-31629 fix CVE-2024-3096 — php: password_verify can erroneously return true, opening ATO risk CVE-2024-5458 — php: Filter bypass in filter_var (FILTER_VALIDATE_URL) CVE-2024-8925 — php: Erroneous parsing of multipart form data CVE-2024-8927 — php: cgi.force_redirect configuration is bypassable due to the environment variable collision CVE-2024-9026 — php: PHP-FPM Log Manipulation Vulnerability
🔗 References (15)
- selfhttps://access.redhat.com/errata/RHSA-2024:10952
- externalhttps://access.redhat.com/security/updates/classification/#moderate
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2170770
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2170771
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2219290
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2229396
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2230101
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2275058
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2275061
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2291252
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2317049
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2317051
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2317144
- externalhttps://issues.redhat.com/browse/RHEL-66589
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_10952.json