ALT-BU-2022-5556-1
Branch sisyphus_mipsel update bulletin.
Package rpm-build-python3 updated to version 0.1.19-alt1 for branch sisyphus_mipsel.
Closed bugs
%python3_build does not work for PEP 517 conforming upstreams
Package php8.0 updated to version 8.0.21-alt1 for branch sisyphus_mipsel.
Closed vulnerabilities
BDU:2022-03725
Vulnerability in the mysqlnd/pdo function (mysqlnd_wireprotocol.c) of the PHP programming language interpreter that allows an attacker to execute arbitrary code
BDU:2022-05351
Vulnerability in the pg_query_params() function of the PHP programming language interpreter that allows an attacker to execute arbitrary code
Modified: 2024-11-21
CVE-2022-31625
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using the Postgres database extension, supplying invalid parameters to a parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to an RCE vulnerability or denial of service.
- https://bugs.php.net/bug.php?id=81720
- [debian-lts-announce] 20221215 [SECURITY] [DLA 3243-1] php7.3 security update
- FEDORA-2022-f3fc52428e
- FEDORA-2022-0a96e5b9b1
- GLSA-202209-20
- https://security.netapp.com/advisory/ntap-20220722-0005/
- DSA-5179
Modified: 2024-11-21
CVE-2022-31626
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using the pdo_mysql extension with the mysqlnd driver, if a third party is allowed to supply the host to connect to and the password for the connection, a password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability.
- https://bugs.php.net/bug.php?id=81719
- [debian-lts-announce] 20221215 [SECURITY] [DLA 3243-1] php7.3 security update
- FEDORA-2022-f3fc52428e
- FEDORA-2022-0a96e5b9b1
- GLSA-202209-20
- https://security.netapp.com/advisory/ntap-20220722-0005/
- DSA-5179
Package php8.1 updated to version 8.1.8-alt1 for branch sisyphus_mipsel.
Closed vulnerabilities
BDU:2022-03725
Vulnerability in the mysqlnd/pdo function (mysqlnd_wireprotocol.c) of the PHP programming language interpreter that allows an attacker to execute arbitrary code
BDU:2022-04762
Vulnerability in the implementation of the finfo_buffer() function of the PHP programming language interpreter that allows an attacker to execute arbitrary code
BDU:2022-05351
Vulnerability in the pg_query_params() function of the PHP programming language interpreter that allows an attacker to execute arbitrary code
Modified: 2024-11-21
CVE-2022-31625
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using the Postgres database extension, supplying invalid parameters to a parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to an RCE vulnerability or denial of service.
- https://bugs.php.net/bug.php?id=81720
- [debian-lts-announce] 20221215 [SECURITY] [DLA 3243-1] php7.3 security update
- FEDORA-2022-f3fc52428e
- FEDORA-2022-0a96e5b9b1
- GLSA-202209-20
- https://security.netapp.com/advisory/ntap-20220722-0005/
- DSA-5179
Modified: 2024-11-21
CVE-2022-31626
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using the pdo_mysql extension with the mysqlnd driver, if a third party is allowed to supply the host to connect to and the password for the connection, a password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability.
- https://bugs.php.net/bug.php?id=81719
- [debian-lts-announce] 20221215 [SECURITY] [DLA 3243-1] php7.3 security update
- FEDORA-2022-f3fc52428e
- FEDORA-2022-0a96e5b9b1
- GLSA-202209-20
- https://security.netapp.com/advisory/ntap-20220722-0005/
- DSA-5179
Modified: 2024-11-21
CVE-2022-31627
In PHP versions 8.1.x below 8.1.8, when using fileinfo functions such as finfo_buffer, due to an incorrect patch applied to the third-party code from libmagic, an incorrect function may be used to free allocated memory, which may lead to heap corruption.