ALT Linux Team

Package php7-xsl update in p10_e2k on 2022-11-12

ALT-PU-2022-7023-1

Package php7-xsl updated to version 7.4.33-alt1.1 for branch p10_e2k.

Closed vulnerabilities

Published: 2022-10-21

BDU:2022-06445

Уязвимость криптографической хэш-функции SHA-3 программного пакета eXtended Keccak Code Package (XKCP), позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2022-11-14

BDU:2022-07409

Уязвимость функции imageloadfont() интерпретатора языка программирования PHP, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании

Severity: HIGH (7.1) Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
References:
Published: 2022-11-14
Modified: 2024-11-21

CVE-2022-31630

In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information. 

Severity: HIGH (7.1) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
References:
Published: 2022-10-21
Modified: 2024-11-21

CVE-2022-37454

The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top