ALT-BU-2022-6841-1
Branch sisyphus_mipsel update bulletin.
Package php8.0 updated to version 8.0.25-alt1 for branch sisyphus_mipsel.
Closed vulnerabilities
BDU:2022-06445
Уязвимость криптографической хэш-функции SHA-3 программного пакета eXtended Keccak Code Package (XKCP), позволяющая нарушителю выполнить произвольный код
BDU:2022-07409
Уязвимость функции imageloadfont() интерпретатора языка программирования PHP, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2022-31628
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop.
- https://bugs.php.net/bug.php?id=81726
- https://bugs.php.net/bug.php?id=81726
- [debian-lts-announce] 20221215 [SECURITY] [DLA 3243-1] php7.3 security update
- [debian-lts-announce] 20221215 [SECURITY] [DLA 3243-1] php7.3 security update
- FEDORA-2022-f204e1d0ed
- FEDORA-2022-f204e1d0ed
- FEDORA-2022-afdea1c747
- FEDORA-2022-afdea1c747
- FEDORA-2022-0b77fbd9e7
- FEDORA-2022-0b77fbd9e7
- GLSA-202211-03
- GLSA-202211-03
- https://security.netapp.com/advisory/ntap-20221209-0001/
- https://security.netapp.com/advisory/ntap-20221209-0001/
- DSA-5277
- DSA-5277
Modified: 2024-11-21
CVE-2022-31629
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.
- [oss-security] 20240412 PHP security releases 8.1.28, 8.2.18, & 8.3.6
- [oss-security] 20240412 PHP security releases 8.1.28, 8.2.18, & 8.3.6
- https://bugs.php.net/bug.php?id=81727
- https://bugs.php.net/bug.php?id=81727
- [debian-lts-announce] 20221215 [SECURITY] [DLA 3243-1] php7.3 security update
- [debian-lts-announce] 20221215 [SECURITY] [DLA 3243-1] php7.3 security update
- FEDORA-2022-f204e1d0ed
- FEDORA-2022-f204e1d0ed
- FEDORA-2024-5e8ae0def0
- FEDORA-2024-5e8ae0def0
- FEDORA-2024-39d50cc975
- FEDORA-2024-39d50cc975
- FEDORA-2022-afdea1c747
- FEDORA-2022-afdea1c747
- FEDORA-2022-0b77fbd9e7
- FEDORA-2022-0b77fbd9e7
- FEDORA-2024-b46619f761
- FEDORA-2024-b46619f761
- GLSA-202211-03
- GLSA-202211-03
- https://security.netapp.com/advisory/ntap-20221209-0001/
- https://security.netapp.com/advisory/ntap-20221209-0001/
- DSA-5277
- DSA-5277
Modified: 2024-11-21
CVE-2022-31630
In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information.
Modified: 2024-11-21
CVE-2022-37454
The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.
- https://csrc.nist.gov/projects/hash-functions/sha-3-project
- https://eprint.iacr.org/2023/331
- https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658
- https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html
- https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/
- https://mouha.be/sha-3-buffer-overflow/
- https://news.ycombinator.com/item?id=33281106
- https://news.ycombinator.com/item?id=35050307
- https://security.gentoo.org/glsa/202305-02
- https://www.debian.org/security/2022/dsa-5267
- https://www.debian.org/security/2022/dsa-5269
- https://csrc.nist.gov/projects/hash-functions/sha-3-project
- https://www.debian.org/security/2022/dsa-5269
- https://security.netapp.com/advisory/ntap-20230203-0001/
- https://www.debian.org/security/2022/dsa-5267
- https://security.gentoo.org/glsa/202305-02
- https://news.ycombinator.com/item?id=35050307
- https://news.ycombinator.com/item?id=33281106
- https://mouha.be/sha-3-buffer-overflow/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/
- https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html
- https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html
- https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658
- https://eprint.iacr.org/2023/331