Slackware: 2023-045-02: php Security Update | LinuxSecurity.com

What Are You Looking For?

Popular Tags

Contribute

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  php (SSA:2023-045-02)

New php packages are available for Slackware 15.0 and -current to
fix security issues.


Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/php-7.4.33-i586-3_slack15.0.txz:  Rebuilt.
  This update fixes security issues:
  Core: Password_verify() always return true with some hash.
  Core: 1-byte array overrun in common path resolve code.
  SAPI: DOS vulnerability when parsing multipart request body.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-0567
    https://www.cve.org/CVERecord?id=CVE-2023-0568
    https://www.cve.org/CVERecord?id=CVE-2023-0662
  (* Security fix *)
extra/php80/php80-8.0.28-i586-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  Core: Password_verify() always return true with some hash.
  Core: 1-byte array overrun in common path resolve code.
  SAPI: DOS vulnerability when parsing multipart request body.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-0567
    https://www.cve.org/CVERecord?id=CVE-2023-0568
    https://www.cve.org/CVERecord?id=CVE-2023-0662
  (* Security fix *)
extra/php81/php81-8.1.16-i586-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  Core: Password_verify() always return true with some hash.
  Core: 1-byte array overrun in common path resolve code.
  SAPI: DOS vulnerability when parsing multipart request body.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-0567
    https://www.cve.org/CVERecord?id=CVE-2023-0568
    https://www.cve.org/CVERecord?id=CVE-2023-0662
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(https://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on https://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/php-7.4.33-i586-3_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/extra/php80/php80-8.0.28-i586-1_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/extra/php81/php81-8.1.16-i586-1_slack15.0.txz

Updated packages for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/php-7.4.33-x86_64-3_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/extra/php80/php80-8.0.28-x86_64-1_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/extra/php81/php81-8.1.16-x86_64-1_slack15.0.txz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-7.4.33-i586-3.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/extra/php80/php80-8.0.28-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/extra/php81/php81-8.1.16-i586-1.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-7.4.33-x86_64-3.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/extra/php80/php80-8.0.28-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/extra/php81/php81-8.1.16-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 15.0 packages:
42f70860c20e4d8e7919632643b5d1e9  php-7.4.33-i586-3_slack15.0.txz
ca921cbd3e1913f168678b309478bb04  php80-8.0.28-i586-1_slack15.0.txz
3c315b9477355d47d90121e7f95309fa  php81-8.1.16-i586-1_slack15.0.txz

Slackware x86_64 15.0 packages:
99e509806237a9f9ab01e023f384d622  php-7.4.33-x86_64-3_slack15.0.txz
32f5653c682942e82be61a113193fd9a  php80-8.0.28-x86_64-1_slack15.0.txz
e0ef677a63dc35962226d828ae53ffbf  php81-8.1.16-x86_64-1_slack15.0.txz

Slackware -current packages:
93196b6545a6699bd9ad6a59dd24298e  n/php-7.4.33-i586-3.txz
9128ba44e5ad38c5898dd8445f415aa2  extra/php80/php80-8.0.28-i586-1.txz
23fd959729ed20f7a5ba4cb965217e66  extra/php81/php81-8.1.16-i586-1.txz

Slackware x86_64 -current packages:
7b59cd25c8065f8ddc713d883a8fbda2  n/php-7.4.33-x86_64-3.txz
edcb77db2ea1c340425241002ff5bd8f  extra/php80/php80-8.0.28-x86_64-1.txz
0075cef00072f4fabee60241271e8213  extra/php81/php81-8.1.16-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg php-7.4.33-i586-3_slack15.0.txz

Then, restart Apache httpd:
# /etc/rc.d/rc.httpd stop
# /etc/rc.d/rc.httpd start


+-----+

Slackware: 2023-045-02: php Security Update

February 15, 2023
New php packages are available for Slackware 15.0 and -current to fix security issues

Summary

Here are the details from the Slackware 15.0 ChangeLog: patches/packages/php-7.4.33-i586-3_slack15.0.txz: Rebuilt. This update fixes security issues: Core: Password_verify() always return true with some hash. Core: 1-byte array overrun in common path resolve code. SAPI: DOS vulnerability when parsing multipart request body. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-0567 https://www.cve.org/CVERecord?id=CVE-2023-0568 https://www.cve.org/CVERecord?id=CVE-2023-0662 (* Security fix *) extra/php80/php80-8.0.28-i586-1_slack15.0.txz: Upgraded. This update fixes security issues: Core: Password_verify() always return true with some hash. Core: 1-byte array overrun in common path resolve code. SAPI: DOS vulnerability when parsing multipart request body. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-0567 https://www.cve.org/CVERecord?id=CVE-2023-0568 https://www.cve.org/CVERecord?id=CVE-2023-0662 (* Security fix *) extra/php81/php81-8.1.16-i586-1_slack15.0.txz: Upgraded. This update fixes security issues: Core: Password_verify() always return true with some hash. Core: 1-byte array overrun in common path resolve code. SAPI: DOS vulnerability when parsing multipart request body. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-0567 https://www.cve.org/CVERecord?id=CVE-2023-0568 https://www.cve.org/CVERecord?id=CVE-2023-0662 (* Security fix *)

Where Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on https://slackware.com for additional mirror sites near you.
Updated packages for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/php-7.4.33-i586-3_slack15.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-15.0/extra/php80/php80-8.0.28-i586-1_slack15.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-15.0/extra/php81/php81-8.1.16-i586-1_slack15.0.txz
Updated packages for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/php-7.4.33-x86_64-3_slack15.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/extra/php80/php80-8.0.28-x86_64-1_slack15.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/extra/php81/php81-8.1.16-x86_64-1_slack15.0.txz
Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-7.4.33-i586-3.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/extra/php80/php80-8.0.28-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/extra/php81/php81-8.1.16-i586-1.txz
Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-7.4.33-x86_64-3.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/extra/php80/php80-8.0.28-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/extra/php81/php81-8.1.16-x86_64-1.txz

MD5 Signatures

Slackware 15.0 packages: 42f70860c20e4d8e7919632643b5d1e9 php-7.4.33-i586-3_slack15.0.txz ca921cbd3e1913f168678b309478bb04 php80-8.0.28-i586-1_slack15.0.txz 3c315b9477355d47d90121e7f95309fa php81-8.1.16-i586-1_slack15.0.txz
Slackware x86_64 15.0 packages: 99e509806237a9f9ab01e023f384d622 php-7.4.33-x86_64-3_slack15.0.txz 32f5653c682942e82be61a113193fd9a php80-8.0.28-x86_64-1_slack15.0.txz e0ef677a63dc35962226d828ae53ffbf php81-8.1.16-x86_64-1_slack15.0.txz
Slackware -current packages: 93196b6545a6699bd9ad6a59dd24298e n/php-7.4.33-i586-3.txz 9128ba44e5ad38c5898dd8445f415aa2 extra/php80/php80-8.0.28-i586-1.txz 23fd959729ed20f7a5ba4cb965217e66 extra/php81/php81-8.1.16-i586-1.txz
Slackware x86_64 -current packages: 7b59cd25c8065f8ddc713d883a8fbda2 n/php-7.4.33-x86_64-3.txz edcb77db2ea1c340425241002ff5bd8f extra/php80/php80-8.0.28-x86_64-1.txz 0075cef00072f4fabee60241271e8213 extra/php81/php81-8.1.16-x86_64-1.txz

Severity
[slackware-security] php (SSA:2023-045-02)
New php packages are available for Slackware 15.0 and -current to fix security issues.

Installation Instructions

Installation instructions: Upgrade the packages as root: # upgradepkg php-7.4.33-i586-3_slack15.0.txz Then, restart Apache httpd: # /etc/rc.d/rc.httpd stop # /etc/rc.d/rc.httpd start

Related News

Linux Kernel Vulnerabilities in Ubuntu Let Hackers Launch DOS Attack & Execute Arbitrary Code

Google Discloses CentOS Linux Kernel Vulnerabilities Following Failure to Issue Timely Fixes

Kali Linux 2023.1 Introduces 'Purple' Distro for Defensive Security

Companies Can’t Stop Using Open Source

News

Advisories

HOWTOs

Features

Interview with Guardian Digital CEO Dave Wreski: Open Source Utilization in Email Security Solutions & More
Verifying Linux Server Security: What Every Admin Needs to Know
What Linux, Windows & Mac OS Users Need to Know About VPNs
Complete Guide to Vulnerability Basics
How To Get Live Updates on Critical Linux Security Advisories

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy