Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 518
Alerts This Week
Warning Icon 1 518

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 100 articles for you...
217

Oracle Linux 9 ELSA-2025-7431 moderate: PHP HTTP Wrapper Fixes

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2025-7431 http://linux.oracle.com/errata/ELSA-2025-7431.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable LinuxNetwork: x86_64: php-8.0.30-3.el9_6.x86_64.rpm php-bcmath-8.0.30-3.el9_6.x86_64.rpm php-cli-8.0.30-3.el9_6.x86_64.rpm php-common-8.0.30-3.el9_6.x86_64.rpm php-dba-8.0.30-3.el9_6.x86_64.rpm php-dbg-8.0.30-3.el9_6.x86_64.rpm php-devel-8.0.30-3.el9_6.x86_64.rpm php-embedded-8.0.30-3.el9_6.x86_64.rpm php-enchant-8.0.30-3.el9_6.x86_64.rpm php-ffi-8.0.30-3.el9_6.x86_64.rpm php-fpm-8.0.30-3.el9_6.x86_64.rpm php-gd-8.0.30-3.el9_6.x86_64.rpm php-gmp-8.0.30-3.el9_6.x86_64.rpm php-intl-8.0.30-3.el9_6.x86_64.rpm php-ldap-8.0.30-3.el9_6.x86_64.rpm php-mbstring-8.0.30-3.el9_6.x86_64.rpm php-mysqlnd-8.0.30-3.el9_6.x86_64.rpm php-odbc-8.0.30-3.el9_6.x86_64.rpm php-opcache-8.0.30-3.el9_6.x86_64.rpm php-pdo-8.0.30-3.el9_6.x86_64.rpm php-pgsql-8.0.30-3.el9_6.x86_64.rpm php-process-8.0.30-3.el9_6.x86_64.rpm php-snmp-8.0.30-3.el9_6.x86_64.rpm php-soap-8.0.30-3.el9_6.x86_64.rpm php-xml-8.0.30-3.el9_6.x86_64.rpm aarch64: php-8.0.30-3.el9_6.aarch64.rpm php-bcmath-8.0.30-3.el9_6.aarch64.rpm php-cli-8.0.30-3.el9_6.aarch64.rpm php-common-8.0.30-3.el9_6.aarch64.rpm php-dba-8.0.30-3.el9_6.aarch64.rpm php-dbg-8.0.30-3.el9_6.aarch64.rpm php-devel-8.0.30-3.el9_6.aarch64.rpm php-embedded-8.0.30-3.el9_6.aarch64.rpm php-enchant-8.0.30-3.el9_6.aarch64.rpm php-ffi-8.0.30-3.el9_6.aarch64.rpm php-fpm-8.0.30-3.el9_6.aarch64.rpm php-gd-8.0.30-3.el9_6.aarch64.rpm php-gmp-8.0.30-3.el9_6.aarch64.rpm php-intl-8.0.30-3.el9_6.aarch64.rpm php-ldap-8.0.30-3.el9_6.aarch64.rpm php-mbstring-8.0.30-3.el9_6.aarch64.rpm php-mysqlnd-8.0.30-3.el9_6.aarch64.rpm php-odbc-8.0.30-3.el9_6.aarch64.rpm php-opcache-8.0.30-3.el9_6.aarch64.rpm php-pdo-8.0.30-3.el9_6.aarch64.rpm php-pgsql-8.0.30-3.el9_6.aarch64.rpm php-process-8.0.30-3.el9_6.aarch64.rpm php-snmp-8.0.30-3.el9_6.aarch64.rpm php-soap-8.0.30-3.el9_6.aarch64.rpm php-xml-8.0.30-3.el9_6.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//php-8.0.30-3.el9_6.src.rpm Related CVEs: CVE-2025-1217 CVE-2025-1219 CVE-2025-1734 CVE-2025-1736 CVE-2025-1861 Description of changes: [8.0.30-3] - Fix libxmlstreams use wrong content-type header when requesting a redirected resource CVE-2025-1219 - Fix Stream HTTP wrapper header check might omit basic auth header CVE-2025-1736 - Fix Stream HTTP wrapper truncate redirect location to 1024 bytes CVE-2025-1861 - Fix Streams HTTP wrapper does not fail for headers without colon CVE-2025-1734 - Fix Header parser of http stream wrapper does not handle folded headers CVE-2025-1217 _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Oracle Linux enhancements for PHP addressing urgent vulnerabilities in HTTP handling and cybersecurity risks. Discover further details today!. Oracle Linux Updates, PHP Security, HTTP Wrapper Fix, Linux Security Advisory, Moderate Severity. . Severity: Important. LinuxSecurity.com Team

Calendar%202 May 27, 2025 Important Oracle
217

Oracle Linux 9 ELSA-2025-4263: Moderate Risk in PHP 8.1.32 Security

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2025-4263 http://linux.oracle.com/errata/ELSA-2025-4263.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable LinuxNetwork: x86_64: apcu-panel-5.1.21-1.module+el9.1.0+20776+c1b960c0.noarch.rpm php-8.1.32-1.module+el9.5.0+90557+5e9037e7.x86_64.rpm php-bcmath-8.1.32-1.module+el9.5.0+90557+5e9037e7.x86_64.rpm php-cli-8.1.32-1.module+el9.5.0+90557+5e9037e7.x86_64.rpm php-common-8.1.32-1.module+el9.5.0+90557+5e9037e7.x86_64.rpm php-dba-8.1.32-1.module+el9.5.0+90557+5e9037e7.x86_64.rpm php-dbg-8.1.32-1.module+el9.5.0+90557+5e9037e7.x86_64.rpm php-devel-8.1.32-1.module+el9.5.0+90557+5e9037e7.x86_64.rpm php-embedded-8.1.32-1.module+el9.5.0+90557+5e9037e7.x86_64.rpm php-enchant-8.1.32-1.module+el9.5.0+90557+5e9037e7.x86_64.rpm php-ffi-8.1.32-1.module+el9.5.0+90557+5e9037e7.x86_64.rpm php-fpm-8.1.32-1.module+el9.5.0+90557+5e9037e7.x86_64.rpm php-gd-8.1.32-1.module+el9.5.0+90557+5e9037e7.x86_64.rpm php-gmp-8.1.32-1.module+el9.5.0+90557+5e9037e7.x86_64.rpm php-intl-8.1.32-1.module+el9.5.0+90557+5e9037e7.x86_64.rpm php-ldap-8.1.32-1.module+el9.5.0+90557+5e9037e7.x86_64.rpm php-mbstring-8.1.32-1.module+el9.5.0+90557+5e9037e7.x86_64.rpm php-mysqlnd-8.1.32-1.module+el9.5.0+90557+5e9037e7.x86_64.rpm php-odbc-8.1.32-1.module+el9.5.0+90557+5e9037e7.x86_64.rpm php-opcache-8.1.32-1.module+el9.5.0+90557+5e9037e7.x86_64.rpm php-pdo-8.1.32-1.module+el9.5.0+90557+5e9037e7.x86_64.rpm php-pecl-apcu-5.1.21-1.module+el9.1.0+20776+c1b960c0.x86_64.rpm php-pecl-apcu-devel-5.1.21-1.module+el9.1.0+20776+c1b960c0.x86_64.rpm php-pecl-rrd-2.0.3-4.module+el9.1.0+20776+c1b960c0.x86_64.rpm php-pecl-xdebug3-3.1.4-1.module+el9.1.0+20776+c1b960c0.x86_64.rpm php-pecl-zip-1.20.1-1.module+el9.1.0+20776+c1b960c0.x86_64.rpm php-pgsql-8.1.32-1.module+el9.5.0+90557+5e9037e7.x86_64.rpm php-process-8.1.32-1.module+el9.5.0+90557+5e9037e7.x86_64.rpm php-snmp-8.1.32-1.module+el9.5.0+90557+5e9037e7.x86_64.rpm php-soap-8.1.32-1.module+el9.5.0+90557+5e9037e7.x86_64.rpm php-xml-8.1.32-1.module+el9.5.0+90557+5e9037e7.x86_64.rpm aarch64: apcu-panel-5.1.21-1.module+el9.1.0+20776+c1b960c0.noarch.rpm php-8.1.32-1.module+el9.5.0+90557+5e9037e7.aarch64.rpm php-bcmath-8.1.32-1.module+el9.5.0+90557+5e9037e7.aarch64.rpm php-cli-8.1.32-1.module+el9.5.0+90557+5e9037e7.aarch64.rpm php-common-8.1.32-1.module+el9.5.0+90557+5e9037e7.aarch64.rpm php-dba-8.1.32-1.module+el9.5.0+90557+5e9037e7.aarch64.rpm php-dbg-8.1.32-1.module+el9.5.0+90557+5e9037e7.aarch64.rpm php-devel-8.1.32-1.module+el9.5.0+90557+5e9037e7.aarch64.rpm php-embedded-8.1.32-1.module+el9.5.0+90557+5e9037e7.aarch64.rpm php-enchant-8.1.32-1.module+el9.5.0+90557+5e9037e7.aarch64.rpm php-ffi-8.1.32-1.module+el9.5.0+90557+5e9037e7.aarch64.rpm php-fpm-8.1.32-1.module+el9.5.0+90557+5e9037e7.aarch64.rpm php-gd-8.1.32-1.module+el9.5.0+90557+5e9037e7.aarch64.rpm php-gmp-8.1.32-1.module+el9.5.0+90557+5e9037e7.aarch64.rpm php-intl-8.1.32-1.module+el9.5.0+90557+5e9037e7.aarch64.rpm php-ldap-8.1.32-1.module+el9.5.0+90557+5e9037e7.aarch64.rpm php-mbstring-8.1.32-1.module+el9.5.0+90557+5e9037e7.aarch64.rpm php-mysqlnd-8.1.32-1.module+el9.5.0+90557+5e9037e7.aarch64.rpm php-odbc-8.1.32-1.module+el9.5.0+90557+5e9037e7.aarch64.rpm php-opcache-8.1.32-1.module+el9.5.0+90557+5e9037e7.aarch64.rpm php-pdo-8.1.32-1.module+el9.5.0+90557+5e9037e7.aarch64.rpm php-pecl-apcu-5.1.21-1.module+el9.1.0+20776+c1b960c0.aarch64.rpm php-pecl-apcu-devel-5.1.21-1.module+el9.1.0+20776+c1b960c0.aarch64.rpm php-pecl-rrd-2.0.3-4.module+el9.1.0+20776+c1b960c0.aarch64.rpm php-pecl-xdebug3-3.1.4-1.module+el9.1.0+20776+c1b960c0.aarch64.rpm php-pecl-zip-1.20.1-1.module+el9.1.0+20776+c1b960c0.aarch64.rpm php-pgsql-8.1.32-1.module+el9.5.0+90557+5e9037e7.aarch64.rpm php-process-8.1.32-1.module+el9.5.0+90557+5e9037e7.aarch64.rpm php-snmp-8.1.32-1.module+el9.5.0+90557+5e9037e7.aarch64.rpm php-soap-8.1.32-1.module+el9.5.0+90557+5e9037e7.aarch64.rpm php-xml-8.1.32-1.module+el9.5.0+90557+5e9037e7.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//php-8.1.32-1.module+el9.5.0+90557+5e9037e7.src.rpm http://oss.oracle.com/ol9/SRPMS-updates//php-pecl-apcu-5.1.21-1.module+el9.1.0+20776+c1b960c0.src.rpm http://oss.oracle.com/ol9/SRPMS-updates//php-pecl-rrd-2.0.3-4.module+el9.1.0+20776+c1b960c0.src.rpm http://oss.oracle.com/ol9/SRPMS-updates//php-pecl-xdebug3-3.1.4-1.module+el9.1.0+20776+c1b960c0.src.rpm http://oss.oracle.com/ol9/SRPMS-updates//php-pecl-zip-1.20.1-1.module+el9.1.0+20776+c1b960c0.src.rpm Related CVEs: CVE-2024-8929 CVE-2024-11233 CVE-2024-11234 CVE-2025-1217 CVE-2025-1219 CVE-2025-1734 CVE-2025-1736 CVE-2025-1861 Description of changes: php [8.1.32-1] - rebase to 8.1.32 php-pecl-apcu php-pecl-rrd php-pecl-xdebug3 php-pecl-zip _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Oracle Linux 9 security notification ELSA-2025-4264 covers significant vulnerabilities in PHP version 8.1.33 upgrades.. Oracle Linux, PHP 8.1.32, Security Advisory, ELSA-2025-4263. . Severity: Important. LinuxSecurity.com Team

Calendar%202 May 01, 2025 Important Oracle
172

Ubuntu 16.04 LTS USN-7157-3: critical PHP input handling issues

Several security issues were fixed in PHP.. ========================================================================== Ubuntu Security Notice USN-7157-3 January 29, 2025 php7.0 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS Summary: Several security issues were fixed in PHP. Software Description: - php7.0: HTML-embedded scripting language interpreter Details: USN-7157-1 fixed vulnerabilities in PHP versions 7.4, 8.1, and 8.3. This update provides the corresponding updates for PHP version 7.0. Original advisory details: It was discovered that PHP incorrectly handled certain inputs when processed with convert.quoted-printable decode filters. An attacker could possibly use this issue to expose sensitive information or cause a crash. (CVE-2024-11233) It was discovered that PHP incorrectly handled certain HTTP requests. An attacker could possibly use this issue to performing arbitrary HTTP requests originating from the server, thus potentially gaining access to resources not normally available to the external user. (CVE-2024-11234) It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2024-8932) It was discovered that PHP incorrectly handled certain MySQL requests. An attacker could possibly use this issue to cause the client to disclose the content of its heap containing data from other SQL requests and possible other data belonging to different users of the same server. (CVE-2024-8929) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS libapache2-mod-php7.0 7.0.33-0ubuntu0.16.04.16+esm14 Available with Ubuntu Pro php7.0 7.0.33-0ubuntu0.16.04.16+esm14 Available with Ubuntu Pro php7.0-cgi 7.0.33-0ubuntu0.16.04.16+esm14 Available with Ubuntu Pro php7.0-cli 7.0.33-0ubuntu0.16.04.16+esm14 Available with Ubuntu Pro php7.0-ldap 7.0.33-0ubuntu0.16.04.16+esm14 Available with Ubuntu Pro php7.0-mysql 7.0.33-0ubuntu0.16.04.16+esm14 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7157-3 https://ubuntu.com/security/notices/USN-7157-2 https://ubuntu.com/security/notices/USN-7157-1 CVE-2024-11233, CVE-2024-11234, CVE-2024-8929, CVE-2024-8932 . Numerous security patches for Ubuntu 16.04 LTS related to PHP have been released to tackle serious vulnerabilities, including risks of arbitrary code execution.. php7.0 update, Ubuntu 16.04 fix, PHP security issues, PHP exploits, system security update. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jan 29, 2025 Critical Ubuntu
219

Rocky Linux 8 RLSA-2024:10951 moderate: php security update

Moderate: php:8.2 security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2024:10951", "synopsis": "Moderate: php:8.2 security update", "severity": "SEVERITY_MODERATE", "topic": "An update is available for module.libzip, module.php-pecl-apcu, module.php-pecl-xdebug3, module.php-pecl-zip, php-pecl-rrd, module.php-pear, module.php-pecl-rrd, php-pecl-zip, php, libzip, module.php, php-pecl-apcu, php-pecl-xdebug3, php-pear.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nSecurity Fix(es):\n\n* php: host/secure cookie bypass due to partial CVE-2022-31629 fix (CVE-2024-2756)\n\n* php: password_verify can erroneously return true, opening ATO risk (CVE-2024-3096)\n\n* php: Filter bypass in filter_var (FILTER_VALIDATE_URL) (CVE-2024-5458)\n\n* php: Erroneous parsing of multipart form data (CVE-2024-8925)\n\n* php: cgi.force_redirect configuration is bypassable due to the environment variable collision (CVE-2024-8927)\n\n* php: PHP-FPM Log Manipulation Vulnerability (CVE-2024-9026)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2275058", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2275058", "description": ""}, {"ticket": "2275061", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2275061", "description": ""}, {"ticket": "2291252", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2291252", "description": ""}, {"ticket": "2317049", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2317049", "description":""}, {"ticket": "2317051", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2317051", "description": ""}, {"ticket": "2317144", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2317144", "description": ""}], "cves": [{"name": "CVE-2024-2756", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2024-2756", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}, {"name": "CVE-2024-3096", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2024-3096", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}, {"name": "CVE-2024-5458", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2024-5458", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}, {"name": "CVE-2024-8925", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2024-8925", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}, {"name": "CVE-2024-8927", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2024-8927", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}, {"name": "CVE-2024-9026", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2024-9026", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}], "references": [], "publishedAt": "2024-12-19T04:18:05.672002Z", "rpms": {"Rocky Linux 8": {"nvras": ["apcu-panel-0:5.1.23-1.module+el8.10.0+1596+477f03f8.noarch.rpm", "libzip-0:1.7.3-1.module+el8.10.0+1596+477f03f8.aarch64.rpm", "libzip-0:1.7.3-1.module+el8.10.0+1596+477f03f8.src.rpm", "libzip-0:1.7.3-1.module+el8.10.0+1596+477f03f8.x86_64.rpm", "libzip-debuginfo-0:1.7.3-1.module+el8.10.0+1596+477f03f8.aarch64.rpm", "libzip-debuginfo-0:1.7.3-1.module+el8.10.0+1596+477f03f8.x86_64.rpm", "libzip-debugsource-0:1.7.3-1.module+el8.10.0+1596+477f03f8.aarch64.rpm","libzip-debugsource-0:1.7.3-1.module+el8.10.0+1596+477f03f8.x86_64.rpm", "libzip-devel-0:1.7.3-1.module+el8.10.0+1596+477f03f8.aarch64.rpm", "libzip-devel-0:1.7.3-1.module+el8.10.0+1596+477f03f8.x86_64.rpm", "libzip-tools-0:1.7.3-1.module+el8.10.0+1596+477f03f8.aarch64.rpm", "libzip-tools-0:1.7.3-1.module+el8.10.0+1596+477f03f8.x86_64.rpm", "libzip-tools-debuginfo-0:1.7.3-1.module+el8.10.0+1596+477f03f8.aarch64.rpm", "libzip-tools-debuginfo-0:1.7.3-1.module+el8.10.0+1596+477f03f8.x86_64.rpm", "php-0:8.2.25-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-0:8.2.25-1.module+el8.10.0+1911+f499711e.src.rpm", "php-0:8.2.25-1.module+el8.10.0+1911+f499711e.x86_64.rpm", "php-bcmath-0:8.2.25-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-bcmath-0:8.2.25-1.module+el8.10.0+1911+f499711e.x86_64.rpm", "php-bcmath-debuginfo-0:8.2.25-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-bcmath-debuginfo-0:8.2.25-1.module+el8.10.0+1911+f499711e.x86_64.rpm", "php-cli-0:8.2.25-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-cli-0:8.2.25-1.module+el8.10.0+1911+f499711e.x86_64.rpm", "php-cli-debuginfo-0:8.2.25-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-cli-debuginfo-0:8.2.25-1.module+el8.10.0+1911+f499711e.x86_64.rpm", "php-common-0:8.2.25-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-common-0:8.2.25-1.module+el8.10.0+1911+f499711e.x86_64.rpm", "php-common-debuginfo-0:8.2.25-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-common-debuginfo-0:8.2.25-1.module+el8.10.0+1911+f499711e.x86_64.rpm", "php-dba-0:8.2.25-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-dba-0:8.2.25-1.module+el8.10.0+1911+f499711e.x86_64.rpm", "php-dba-debuginfo-0:8.2.25-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-dba-debuginfo-0:8.2.25-1.module+el8.10.0+1911+f499711e.x86_64.rpm", "php-dbg-0:8.2.25-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-dbg-0:8.2.25-1.module+el8.10.0+1911+f499711e.x86_64.rpm", "php-dbg-debuginfo-0:8.2.25-1.module+el8.10.0+1911+f499711e.aarch64.rpm","php-dbg-debuginfo-0:8.2.25-1.module+el8.10.0+1911+f499711e.x86_64.rpm", "php-debuginfo-0:8.2.25-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-debuginfo-0:8.2.25-1.module+el8.10.0+1911+f499711e.x86_64.rpm", "php-debugsource-0:8.2.25-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-debugsource-0:8.2.25-1.module+el8.10.0+1911+f499711e.x86_64.rpm", "php-devel-0:8.2.25-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-devel-0:8.2.25-1.module+el8.10.0+1911+f499711e.x86_64.rpm", "php-embedded-0:8.2.25-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-embedded-0:8.2.25-1.module+el8.10.0+1911+f499711e.x86_64.rpm", "php-embedded-debuginfo-0:8.2.25-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-embedded-debuginfo-0:8.2.25-1.module+el8.10.0+1911+f499711e.x86_64.rpm", "php-enchant-0:8.2.25-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-enchant-0:8.2.25-1.module+el8.10.0+1911+f499711e.x86_64.rpm", "php-enchant-debuginfo-0:8.2.25-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-enchant-debuginfo-0:8.2.25-1.module+el8.10.0+1911+f499711e.x86_64.rpm", "php-ffi-0:8.2.25-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-ffi-0:8.2.25-1.module+el8.10.0+1911+f499711e.x86_64.rpm", "php-ffi-debuginfo-0:8.2.25-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-ffi-debuginfo-0:8.2.25-1.module+el8.10.0+1911+f499711e.x86_64.rpm", "php-fpm-0:8.2.25-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-fpm-0:8.2.25-1.module+el8.10.0+1911+f499711e.x86_64.rpm", "php-fpm-debuginfo-0:8.2.25-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-fpm-debuginfo-0:8.2.25-1.module+el8.10.0+1911+f499711e.x86_64.rpm", "php-gd-0:8.2.25-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-gd-0:8.2.25-1.module+el8.10.0+1911+f499711e.x86_64.rpm", "php-gd-debuginfo-0:8.2.25-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-gd-debuginfo-0:8.2.25-1.module+el8.10.0+1911+f499711e.x86_64.rpm", "php-gmp-0:8.2.25-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-gmp-0:8.2.25-1.module+el8.10.0+1911+f499711e.x86_64.rpm","php-gmp-debuginfo-0:8.2.25-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-gmp-debuginfo-0:8.2.25-1.module+el8.10.0+1911+f499711e.x86_64.rpm", "php-intl-0:8.2.25-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-intl-0:8.2.25-1.module+el8.10.0+1911+f499711e.x86_64.rpm", "php-intl-debuginfo-0:8.2.25-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-intl-debuginfo-0:8.2.25-1.module+el8.10.0+1911+f499711e.x86_64.rpm", "php-ldap-0:8.2.25-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-ldap-0:8.2.25-1.module+el8.10.0+1911+f499711e.x86_64.rpm", "php-ldap-debuginfo-0:8.2.25-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-ldap-debuginfo-0:8.2.25-1.module+el8.10.0+1911+f499711e.x86_64.rpm", "php-mbstring-0:8.2.25-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-mbstring-0:8.2.25-1.module+el8.10.0+1911+f499711e.x86_64.rpm", "php-mbstring-debuginfo-0:8.2.25-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-mbstring-debuginfo-0:8.2.25-1.module+el8.10.0+1911+f499711e.x86_64.rpm", "php-mysqlnd-0:8.2.25-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-mysqlnd-0:8.2.25-1.module+el8.10.0+1911+f499711e.x86_64.rpm", "php-mysqlnd-debuginfo-0:8.2.25-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-mysqlnd-debuginfo-0:8.2.25-1.module+el8.10.0+1911+f499711e.x86_64.rpm", "php-odbc-0:8.2.25-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-odbc-0:8.2.25-1.module+el8.10.0+1911+f499711e.x86_64.rpm", "php-odbc-debuginfo-0:8.2.25-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-odbc-debuginfo-0:8.2.25-1.module+el8.10.0+1911+f499711e.x86_64.rpm", "php-opcache-0:8.2.25-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-opcache-0:8.2.25-1.module+el8.10.0+1911+f499711e.x86_64.rpm", "php-opcache-debuginfo-0:8.2.25-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-opcache-debuginfo-0:8.2.25-1.module+el8.10.0+1911+f499711e.x86_64.rpm", "php-pdo-0:8.2.25-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-pdo-0:8.2.25-1.module+el8.10.0+1911+f499711e.x86_64.rpm","php-pdo-debuginfo-0:8.2.25-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-pdo-debuginfo-0:8.2.25-1.module+el8.10.0+1911+f499711e.x86_64.rpm", "php-pear-1:1.10.14-1.module+el8.10.0+1596+477f03f8.noarch.rpm", "php-pear-1:1.10.14-1.module+el8.10.0+1596+477f03f8.src.rpm", "php-pecl-apcu-0:5.1.23-1.module+el8.10.0+1596+477f03f8.aarch64.rpm", "php-pecl-apcu-0:5.1.23-1.module+el8.10.0+1596+477f03f8.src.rpm", "php-pecl-apcu-0:5.1.23-1.module+el8.10.0+1596+477f03f8.x86_64.rpm", "php-pecl-apcu-debuginfo-0:5.1.23-1.module+el8.10.0+1596+477f03f8.aarch64.rpm", "php-pecl-apcu-debuginfo-0:5.1.23-1.module+el8.10.0+1596+477f03f8.x86_64.rpm", "php-pecl-apcu-debugsource-0:5.1.23-1.module+el8.10.0+1596+477f03f8.aarch64.rpm", "php-pecl-apcu-debugsource-0:5.1.23-1.module+el8.10.0+1596+477f03f8.x86_64.rpm", "php-pecl-apcu-devel-0:5.1.23-1.module+el8.10.0+1596+477f03f8.aarch64.rpm", "php-pecl-apcu-devel-0:5.1.23-1.module+el8.10.0+1596+477f03f8.x86_64.rpm", "php-pecl-rrd-0:2.0.3-1.module+el8.10.0+1596+477f03f8.aarch64.rpm", "php-pecl-rrd-0:2.0.3-1.module+el8.10.0+1596+477f03f8.src.rpm", "php-pecl-rrd-0:2.0.3-1.module+el8.10.0+1596+477f03f8.x86_64.rpm", "php-pecl-rrd-debuginfo-0:2.0.3-1.module+el8.10.0+1596+477f03f8.aarch64.rpm", "php-pecl-rrd-debuginfo-0:2.0.3-1.module+el8.10.0+1596+477f03f8.x86_64.rpm", "php-pecl-rrd-debugsource-0:2.0.3-1.module+el8.10.0+1596+477f03f8.aarch64.rpm", "php-pecl-rrd-debugsource-0:2.0.3-1.module+el8.10.0+1596+477f03f8.x86_64.rpm", "php-pecl-xdebug3-0:3.2.2-2.module+el8.10.0+1596+477f03f8.aarch64.rpm", "php-pecl-xdebug3-0:3.2.2-2.module+el8.10.0+1596+477f03f8.src.rpm", "php-pecl-xdebug3-0:3.2.2-2.module+el8.10.0+1596+477f03f8.x86_64.rpm", "php-pecl-xdebug3-debuginfo-0:3.2.2-2.module+el8.10.0+1596+477f03f8.aarch64.rpm", "php-pecl-xdebug3-debuginfo-0:3.2.2-2.module+el8.10.0+1596+477f03f8.x86_64.rpm", "php-pecl-xdebug3-debugsource-0:3.2.2-2.module+el8.10.0+1596+477f03f8.aarch64.rpm", "php-pecl-xdebug3-debugsource-0:3.2.2-2.module+el8.10.0+1596+477f03f8.x86_64.rpm","php-pecl-zip-0:1.22.3-1.module+el8.10.0+1596+477f03f8.aarch64.rpm", "php-pecl-zip-0:1.22.3-1.module+el8.10.0+1596+477f03f8.src.rpm", "php-pecl-zip-0:1.22.3-1.module+el8.10.0+1596+477f03f8.x86_64.rpm", "php-pecl-zip-debuginfo-0:1.22.3-1.module+el8.10.0+1596+477f03f8.aarch64.rpm", "php-pecl-zip-debuginfo-0:1.22.3-1.module+el8.10.0+1596+477f03f8.x86_64.rpm", "php-pecl-zip-debugsource-0:1.22.3-1.module+el8.10.0+1596+477f03f8.aarch64.rpm", "php-pecl-zip-debugsource-0:1.22.3-1.module+el8.10.0+1596+477f03f8.x86_64.rpm", "php-pgsql-0:8.2.25-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-pgsql-0:8.2.25-1.module+el8.10.0+1911+f499711e.x86_64.rpm", "php-pgsql-debuginfo-0:8.2.25-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-pgsql-debuginfo-0:8.2.25-1.module+el8.10.0+1911+f499711e.x86_64.rpm", "php-process-0:8.2.25-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-process-0:8.2.25-1.module+el8.10.0+1911+f499711e.x86_64.rpm", "php-process-debuginfo-0:8.2.25-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-process-debuginfo-0:8.2.25-1.module+el8.10.0+1911+f499711e.x86_64.rpm", "php-snmp-0:8.2.25-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-snmp-0:8.2.25-1.module+el8.10.0+1911+f499711e.x86_64.rpm", "php-snmp-debuginfo-0:8.2.25-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-snmp-debuginfo-0:8.2.25-1.module+el8.10.0+1911+f499711e.x86_64.rpm", "php-soap-0:8.2.25-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-soap-0:8.2.25-1.module+el8.10.0+1911+f499711e.x86_64.rpm", "php-soap-debuginfo-0:8.2.25-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-soap-debuginfo-0:8.2.25-1.module+el8.10.0+1911+f499711e.x86_64.rpm", "php-xml-0:8.2.25-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-xml-0:8.2.25-1.module+el8.10.0+1911+f499711e.x86_64.rpm", "php-xml-debuginfo-0:8.2.25-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-xml-debuginfo-0:8.2.25-1.module+el8.10.0+1911+f499711e.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. A recent PHP upgrade for Rocky Linux addresses multiple securityvulnerabilities revealed in CVEs. It is advisable to implement this update swiftly to enhance system security.. php security update, Rocky Linux advisory, security issues, moderate severity. . LinuxSecurity.com Team

Calendar%202 Dec 19, 2024 Rocky Linux
217

Oracle Linux 8 ELSA-2024-10952 moderate: php security fixes

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2024-10952 http://linux.oracle.com/errata/ELSA-2024-10952.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable LinuxNetwork: x86_64: apcu-panel-5.1.18-1.module+el8.10.0+90472+f810484b.noarch.rpm libzip-1.6.1-1.module+el8.10.0+90472+f810484b.x86_64.rpm libzip-devel-1.6.1-1.module+el8.10.0+90472+f810484b.x86_64.rpm libzip-tools-1.6.1-1.module+el8.10.0+90472+f810484b.x86_64.rpm php-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm php-bcmath-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm php-cli-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm php-common-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm php-dba-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm php-dbg-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm php-devel-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm php-embedded-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm php-enchant-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm php-ffi-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm php-fpm-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm php-gd-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm php-gmp-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm php-intl-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm php-json-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm php-ldap-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm php-mbstring-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm php-mysqlnd-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm php-odbc-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm php-opcache-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm php-pdo-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm php-pear-1.10.13-1.module+el8.10.0+90472+f810484b.noarch.rpm php-pecl-apcu-5.1.18-1.module+el8.10.0+90472+f810484b.x86_64.rpm php-pecl-apcu-devel-5.1.18-1.module+el8.10.0+90472+f810484b.x86_64.rpm php-pecl-rrd-2.0.1-1.module+el8.10.0+90472+f810484b.x86_64.rpm php-pecl-xdebug-2.9.5-1.module+el8.10.0+90472+f810484b.x86_64.rpm php-pecl-zip-1.18.2-1.module+el8.10.0+90472+f810484b.x86_64.rpm php-pgsql-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm php-process-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm php-snmp-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm php-soap-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm php-xml-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm php-xmlrpc-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm aarch64: apcu-panel-5.1.18-1.module+el8.10.0+90472+f810484b.noarch.rpm libzip-1.6.1-1.module+el8.10.0+90472+f810484b.aarch64.rpm libzip-devel-1.6.1-1.module+el8.10.0+90472+f810484b.aarch64.rpm libzip-tools-1.6.1-1.module+el8.10.0+90472+f810484b.aarch64.rpm php-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm php-bcmath-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm php-cli-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm php-common-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm php-dba-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm php-dbg-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm php-devel-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm php-embedded-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm php-enchant-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm php-ffi-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm php-fpm-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm php-gd-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm php-gmp-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm php-intl-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm php-json-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm php-ldap-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm php-mbstring-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm php-mysqlnd-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm php-odbc-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm php-opcache-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm php-pdo-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm php-pear-1.10.13-1.module+el8.10.0+90472+f810484b.noarch.rpm php-pecl-apcu-5.1.18-1.module+el8.10.0+90472+f810484b.aarch64.rpm php-pecl-apcu-devel-5.1.18-1.module+el8.10.0+90472+f810484b.aarch64.rpm php-pecl-rrd-2.0.1-1.module+el8.10.0+90472+f810484b.aarch64.rpm php-pecl-xdebug-2.9.5-1.module+el8.10.0+90472+f810484b.aarch64.rpm php-pecl-zip-1.18.2-1.module+el8.10.0+90472+f810484b.aarch64.rpm php-pgsql-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm php-process-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm php-snmp-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm php-soap-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm php-xml-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm php-xmlrpc-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//libzip-1.6.1-1.module+el8.10.0+90472+f810484b.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//php-7.4.33-2.module+el8.10.0+90472+f810484b.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//php-pear-1.10.13-1.module+el8.10.0+90472+f810484b.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//php-pecl-apcu-5.1.18-1.module+el8.10.0+90472+f810484b.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//php-pecl-rrd-2.0.1-1.module+el8.10.0+90472+f810484b.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//php-pecl-xdebug-2.9.5-1.module+el8.10.0+90472+f810484b.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//php-pecl-zip-1.18.2-1.module+el8.10.0+90472+f810484b.src.rpm Related CVEs: CVE-2023-0567 CVE-2023-0568 CVE-2023-3247 CVE-2023-3823 CVE-2023-3824 CVE-2024-2756 CVE-2024-3096 CVE-2024-5458 CVE-2024-8925 CVE-2024-8927 CVE-2024-9026 Description of changes: libzip [1.6.1-1] - update to 1.6.1 - enable lzma support php [7.4.33-2] - fix low/moderate CVEs RHEL-66589 - Fix cgi.force_redirect configuration is bypassable due to the environment variable collision CVE-2024-8927 - Fix Logs from childrens may be altered CVE-2024-9026 - Fix Erroneous parsing of multipart form data CVE-2024-8925 - Fix filter bypass in filter_var FILTER_VALIDATE_URL CVE-2024-5458 - Fix __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix CVE-2024-2756 - Fix password_verify can erroneously return true opening ATO risk CVE-2024-3096 - Fix Security issue with external entity loading in XMLwithout enabling it CVE-2023-3823 - Fix Buffer mismanagement in phar_dir_read() CVE-2023-3824 - Fix Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP CVE-2023-3247 - fix #81744: Password_verify() always return true with some hash CVE-2023-0567 - fix #81746: 1-byte array overrun in common path resolve code CVE-2023-0568 - fix DOS vulnerability when parsing multipart request body CVE-2023-0662 php-pear [1:1.10.13-1] - update PEAR to 1.10.13 - update Archive_Tar to 1.4.14 php-pecl-apcu [5.1.18-1] - update to 5.1.18 php-pecl-rrd [2.0.1-1] - build for RHEL 8 php-pecl-xdebug php-pecl-zip [1.18.2-1] - update to 1.18.2 _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Oracle Linux 8's latest release updates feature PHP 7.4 and various packages that tackle moderate security vulnerabilities. Read below for full details. Oracle Linux updates, PHP security patch, Unbreakable Linux Network, package updates. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Dec 13, 2024 Important Oracle
217

Oracle Linux 8: ELSA-2024-10951 moderate: php and libzip updates

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2024-10951 http://linux.oracle.com/errata/ELSA-2024-10951.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable LinuxNetwork: x86_64: apcu-panel-5.1.23-1.module+el8.10.0+90469+8883f508.noarch.rpm libzip-1.7.3-1.module+el8.10.0+90469+8883f508.x86_64.rpm libzip-devel-1.7.3-1.module+el8.10.0+90469+8883f508.x86_64.rpm libzip-tools-1.7.3-1.module+el8.10.0+90469+8883f508.x86_64.rpm php-8.2.25-1.module+el8.10.0+90469+8883f508.x86_64.rpm php-bcmath-8.2.25-1.module+el8.10.0+90469+8883f508.x86_64.rpm php-cli-8.2.25-1.module+el8.10.0+90469+8883f508.x86_64.rpm php-common-8.2.25-1.module+el8.10.0+90469+8883f508.x86_64.rpm php-dba-8.2.25-1.module+el8.10.0+90469+8883f508.x86_64.rpm php-dbg-8.2.25-1.module+el8.10.0+90469+8883f508.x86_64.rpm php-devel-8.2.25-1.module+el8.10.0+90469+8883f508.x86_64.rpm php-embedded-8.2.25-1.module+el8.10.0+90469+8883f508.x86_64.rpm php-enchant-8.2.25-1.module+el8.10.0+90469+8883f508.x86_64.rpm php-ffi-8.2.25-1.module+el8.10.0+90469+8883f508.x86_64.rpm php-fpm-8.2.25-1.module+el8.10.0+90469+8883f508.x86_64.rpm php-gd-8.2.25-1.module+el8.10.0+90469+8883f508.x86_64.rpm php-gmp-8.2.25-1.module+el8.10.0+90469+8883f508.x86_64.rpm php-intl-8.2.25-1.module+el8.10.0+90469+8883f508.x86_64.rpm php-ldap-8.2.25-1.module+el8.10.0+90469+8883f508.x86_64.rpm php-mbstring-8.2.25-1.module+el8.10.0+90469+8883f508.x86_64.rpm php-mysqlnd-8.2.25-1.module+el8.10.0+90469+8883f508.x86_64.rpm php-odbc-8.2.25-1.module+el8.10.0+90469+8883f508.x86_64.rpm php-opcache-8.2.25-1.module+el8.10.0+90469+8883f508.x86_64.rpm php-pdo-8.2.25-1.module+el8.10.0+90469+8883f508.x86_64.rpm php-pear-1.10.14-1.module+el8.10.0+90469+8883f508.noarch.rpm php-pecl-apcu-5.1.23-1.module+el8.10.0+90469+8883f508.x86_64.rpm php-pecl-apcu-devel-5.1.23-1.module+el8.10.0+90469+8883f508.x86_64.rpm php-pecl-rrd-2.0.3-1.module+el8.10.0+90469+8883f508.x86_64.rpm php-pecl-xdebug3-3.2.2-2.module+el8.10.0+90469+8883f508.x86_64.rpm php-pecl-zip-1.22.3-1.module+el8.10.0+90469+8883f508.x86_64.rpm php-pgsql-8.2.25-1.module+el8.10.0+90469+8883f508.x86_64.rpm php-process-8.2.25-1.module+el8.10.0+90469+8883f508.x86_64.rpm php-snmp-8.2.25-1.module+el8.10.0+90469+8883f508.x86_64.rpm php-soap-8.2.25-1.module+el8.10.0+90469+8883f508.x86_64.rpm php-xml-8.2.25-1.module+el8.10.0+90469+8883f508.x86_64.rpm aarch64: apcu-panel-5.1.23-1.module+el8.10.0+90469+8883f508.noarch.rpm libzip-1.7.3-1.module+el8.10.0+90469+8883f508.aarch64.rpm libzip-devel-1.7.3-1.module+el8.10.0+90469+8883f508.aarch64.rpm libzip-tools-1.7.3-1.module+el8.10.0+90469+8883f508.aarch64.rpm php-8.2.25-1.module+el8.10.0+90469+8883f508.aarch64.rpm php-bcmath-8.2.25-1.module+el8.10.0+90469+8883f508.aarch64.rpm php-cli-8.2.25-1.module+el8.10.0+90469+8883f508.aarch64.rpm php-common-8.2.25-1.module+el8.10.0+90469+8883f508.aarch64.rpm php-dba-8.2.25-1.module+el8.10.0+90469+8883f508.aarch64.rpm php-dbg-8.2.25-1.module+el8.10.0+90469+8883f508.aarch64.rpm php-devel-8.2.25-1.module+el8.10.0+90469+8883f508.aarch64.rpm php-embedded-8.2.25-1.module+el8.10.0+90469+8883f508.aarch64.rpm php-enchant-8.2.25-1.module+el8.10.0+90469+8883f508.aarch64.rpm php-ffi-8.2.25-1.module+el8.10.0+90469+8883f508.aarch64.rpm php-fpm-8.2.25-1.module+el8.10.0+90469+8883f508.aarch64.rpm php-gd-8.2.25-1.module+el8.10.0+90469+8883f508.aarch64.rpm php-gmp-8.2.25-1.module+el8.10.0+90469+8883f508.aarch64.rpm php-intl-8.2.25-1.module+el8.10.0+90469+8883f508.aarch64.rpm php-ldap-8.2.25-1.module+el8.10.0+90469+8883f508.aarch64.rpm php-mbstring-8.2.25-1.module+el8.10.0+90469+8883f508.aarch64.rpm php-mysqlnd-8.2.25-1.module+el8.10.0+90469+8883f508.aarch64.rpm php-odbc-8.2.25-1.module+el8.10.0+90469+8883f508.aarch64.rpm php-opcache-8.2.25-1.module+el8.10.0+90469+8883f508.aarch64.rpm php-pdo-8.2.25-1.module+el8.10.0+90469+8883f508.aarch64.rpm php-pear-1.10.14-1.module+el8.10.0+90469+8883f508.noarch.rpm php-pecl-apcu-5.1.23-1.module+el8.10.0+90469+8883f508.aarch64.rpm php-pecl-apcu-devel-5.1.23-1.module+el8.10.0+90469+8883f508.aarch64.rpm php-pecl-rrd-2.0.3-1.module+el8.10.0+90469+8883f508.aarch64.rpm php-pecl-xdebug3-3.2.2-2.module+el8.10.0+90469+8883f508.aarch64.rpm php-pecl-zip-1.22.3-1.module+el8.10.0+90469+8883f508.aarch64.rpm php-pgsql-8.2.25-1.module+el8.10.0+90469+8883f508.aarch64.rpm php-process-8.2.25-1.module+el8.10.0+90469+8883f508.aarch64.rpm php-snmp-8.2.25-1.module+el8.10.0+90469+8883f508.aarch64.rpm php-soap-8.2.25-1.module+el8.10.0+90469+8883f508.aarch64.rpm php-xml-8.2.25-1.module+el8.10.0+90469+8883f508.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//libzip-1.7.3-1.module+el8.10.0+90469+8883f508.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//php-8.2.25-1.module+el8.10.0+90469+8883f508.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//php-pear-1.10.14-1.module+el8.10.0+90469+8883f508.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//php-pecl-apcu-5.1.23-1.module+el8.10.0+90469+8883f508.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//php-pecl-rrd-2.0.3-1.module+el8.10.0+90469+8883f508.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//php-pecl-xdebug3-3.2.2-2.module+el8.10.0+90469+8883f508.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//php-pecl-zip-1.22.3-1.module+el8.10.0+90469+8883f508.src.rpm Related CVEs: CVE-2024-2756 CVE-2024-3096 CVE-2024-5458 CVE-2024-8925 CVE-2024-8927 CVE-2024-9026 Description of changes: libzip php [8.2.25-1] - rebase to 8.2.25 RHEL-66166 php-pear php-pecl-apcu php-pecl-rrd php-pecl-xdebug3 php-pecl-zip _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Oracle Linux Security Advisory ELSA-2024-10952 provides updates for perl and libxml2 addressing moderate severity vulnerabilities identified.. Oracle Linux Security, php security advisory, libzip patch, moderate update. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Dec 13, 2024 Important Oracle
172

Ubuntu 24.04 LTS: USN-7049-1 critical: php remote attack issues

Several security issues were fixed in PHP.. ========================================================================== Ubuntu Security Notice USN-7049-1 October 01, 2024 php7.4, php8.1, php8.3 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: Several security issues were fixed in PHP. Software Description: - php8.3: HTML-embedded scripting language interpreter - php8.1: HTML-embedded scripting language interpreter - php7.4: HTML-embedded scripting language interpreter Details: It was discovered that PHP incorrectly handled parsing multipart form data. A remote attacker could possibly use this issue to inject payloads and cause PHP to ignore legitimate data. (CVE-2024-8925) It was discovered that PHP incorrectly handled the cgi.force_redirect configuration option due to environment variable collisions. In certain configurations, an attacker could possibly use this issue bypass force_redirect restrictions. (CVE-2024-8927) It was discovered that PHP-FPM incorrectly handled logging. A remote attacker could possibly use this issue to alter and inject arbitrary contents into log files. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. (CVE-2024-9026) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS libapache2-mod-php8.3 8.3.6-0ubuntu0.24.04.2 php8.3-cgi 8.3.6-0ubuntu0.24.04.2 php8.3-cli 8.3.6-0ubuntu0.24.04.2 php8.3-fpm 8.3.6-0ubuntu0.24.04.2 Ubuntu 22.04 LTS libapache2-mod-php8.1 8.1.2-1ubuntu2.19 php8.1-cgi 8.1.2-1ubuntu2.19 php8.1-cli 8.1.2-1ubuntu2.19 php8.1-fpm 8.1.2-1ubuntu2.19 Ubuntu 20.04 LTS libapache2-mod-php7.4 7.4.3-4ubuntu2.24 php7.4-cgi 7.4.3-4ubuntu2.24 php7.4-cli 7.4.3-4ubuntu2.24 php7.4-fpm 7.4.3-4ubuntu2.24 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7049-1 CVE-2024-8925, CVE-2024-8927, CVE-2024-9026 Package Information: https://launchpad.net/ubuntu/+source/php8.3/8.3.6-0ubuntu0.24.04.2 . Updates for PHP vulnerabilities are covered in Ubuntu Security Announcement USN-7050-1 for releases 7.4, 8.1, and 8.3.. Ubuntu Security Notice, PHP update, software flaws. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Oct 01, 2024 Critical Ubuntu
87

Debian: DSA-5717-1 Critical Advisory On PHP 8.2 User Validation

It was discovered that user validation was incorrectly implemented for filter_var(FILTER_VALIDATE_URL). For the stable distribution (bookworm), this problem has been fixed in . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5717-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff June 20, 2024 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : php8.2 CVE ID : CVE-2024-5458 It was discovered that user validation was incorrectly implemented for filter_var(FILTER_VALIDATE_URL). For the stable distribution (bookworm), this problem has been fixed in version 8.2.20-1~deb12u1. We recommend that you upgrade your php8.2 packages. For the detailed security status of php8.2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/php8.2 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Urgent notice on Debian security patches for PHP 8.2 tackling user validation vulnerabilities. Strongly advised for every user.. Debian Security, PHP Update, User Validation Issue. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jun 20, 2024 Critical Debian
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200