{"type":"TYPE_SECURITY","shortCode":"RL","name":"RLSA-2022:8197","synopsis":"Moderate: php security, bug fix, and enhancement update","severity":"SEVERITY_MODERATE","topic":"An update for php is now available for Rocky Linux 9.\nRocky Enterprise Software Foundation Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.","description":"PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\nThe following packages have been upgraded to a later upstream version: php (8.0.20). (BZ#2095752)\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\nAdditional Changes:\nFor detailed information on changes in this release, see the Rocky Linux 9.1 Release Notes linked from the References section.","solution":null,"affectedProducts":["Rocky Linux 9"],"fixes":[{"ticket":"2055879","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2055879","description":"CVE-2021-21708 php: Use after free due to php_filter_float() failing for ints"},{"ticket":"2095447","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2095447","description":"php-fpm has an odd Requires"},{"ticket":"2095752","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2095752","description":"Rebase to 8.0.20"},{"ticket":"2098521","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2098521","description":"CVE-2022-31625 php: Uninitialized array in pg_query_params() leading to RCE"},{"ticket":"2104630","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2104630","description":"PHP 8 snmp3 Calls Using authPriv or authNoPriv Immediately Return False Without Error Message"}],"cves":[{"name":"CVE-2021-21708","sourceBy":"Red Hat","sourceLink":"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2021-21708.json","cvss3ScoringVector":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H","cvss3BaseScore":"9.8","cwe":"CWE-416"},{"name":"CVE-2022-31625","sourceBy":"Red Hat","sourceLink":"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2022-31625.json","cvss3ScoringVector":"CVSS:3.1\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:H","cvss3BaseScore":"7.0","cwe":"CWE-824"}],"references":[],"publishedAt":"2023-01-26T21:50:01.755024Z","rpms":{},"rebootSuggested":false,"buildReferences":[]}