Release Info

Advisory: CLSA-2024:1706700142

OS: CentOS 7 ELS

Public date: 2024-01-31 06:22:24

Project: php

Version: 5.4.16-48.el7.tuxcare.els1

Errata link: https://errata.tuxcare.com/centos7-els/CLSA-2024-1706700142.html

Changelog

- CVE-2021-21702: Fix null pointer crash because of malformed SOAP server response
- CVE-2021-21703: Fix error in PHP-FPM shared memory organization leading to privilege escalation
- CVE-2022-31625: Fix freeing of uninitialized memory leading to RCE
- CVE-2022-31626: Fix buffer overflow in mysqlnd driver leading to RCE
- CVE-2023-0568: Fix array overrun when appending slash to paths in DOM and XML cases
- CVE-2023-0662: Fix DoS vulnerability by limiting number of parsed multipart body parts and printing upload limit exceeded error message only once
- CVE-2023-3823: Fix external entity loading in XML without enabling it, by sanitizing libxml2 globals before parsing
- CVE-2023-3824: Fix buffer mismanagement in phar_dir_read()

Update

Update command: yum update php*

Packages list

php-5.4.16-48.el7.tuxcare.els1.x86_64.rpm
php-bcmath-5.4.16-48.el7.tuxcare.els1.x86_64.rpm
php-cli-5.4.16-48.el7.tuxcare.els1.x86_64.rpm
php-common-5.4.16-48.el7.tuxcare.els1.x86_64.rpm
php-dba-5.4.16-48.el7.tuxcare.els1.x86_64.rpm
php-devel-5.4.16-48.el7.tuxcare.els1.x86_64.rpm
php-embedded-5.4.16-48.el7.tuxcare.els1.x86_64.rpm
php-enchant-5.4.16-48.el7.tuxcare.els1.x86_64.rpm
php-fpm-5.4.16-48.el7.tuxcare.els1.x86_64.rpm
php-gd-5.4.16-48.el7.tuxcare.els1.x86_64.rpm
php-intl-5.4.16-48.el7.tuxcare.els1.x86_64.rpm
php-ldap-5.4.16-48.el7.tuxcare.els1.x86_64.rpm
php-mbstring-5.4.16-48.el7.tuxcare.els1.x86_64.rpm
php-mysql-5.4.16-48.el7.tuxcare.els1.x86_64.rpm
php-mysqlnd-5.4.16-48.el7.tuxcare.els1.x86_64.rpm
php-odbc-5.4.16-48.el7.tuxcare.els1.x86_64.rpm
php-pdo-5.4.16-48.el7.tuxcare.els1.x86_64.rpm
php-pgsql-5.4.16-48.el7.tuxcare.els1.x86_64.rpm
php-process-5.4.16-48.el7.tuxcare.els1.x86_64.rpm
php-pspell-5.4.16-48.el7.tuxcare.els1.x86_64.rpm
php-recode-5.4.16-48.el7.tuxcare.els1.x86_64.rpm
php-snmp-5.4.16-48.el7.tuxcare.els1.x86_64.rpm
php-soap-5.4.16-48.el7.tuxcare.els1.x86_64.rpm
php-xml-5.4.16-48.el7.tuxcare.els1.x86_64.rpm
php-xmlrpc-5.4.16-48.el7.tuxcare.els1.x86_64.rpm

CVEs

CVE-2023-3824
CVE-2021-21702
CVE-2022-31625
CVE-2023-0662
CVE-2023-0568
CVE-2023-3823
CVE-2022-31626
CVE-2021-21703