FEDORA-2023-d12ff09d38 — security update for php

stable

php-8.1.16-1.fc36

FEDORA-2023-d12ff09d38 created by remi 2 years ago for Fedora 36

PHP version 8.1.16 (14 Feb 2023)

Core:

Fixed bug #81744 (Password_verify() always return true with some hash). (CVE-2023-0567). (Tim Düsterhus)
Fixed bug #81746 (1-byte array overrun in common path resolve code). (CVE-2023-0568). (Niels Dossche)
Fixed bug GHSA-54hq-v5wp-fqgv (DOS vulnerability when parsing multipart request body). (CVE-2023-0662) (Jakub Zelenka)

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2023-d12ff09d38

This update has been submitted for testing by remi.

2 years ago

This update's test gating status has been changed to 'ignored'.

2 years ago

This update has been pushed to testing.

2 years ago

remi edited this update.

2 years ago

remi edited this update.

2 years ago

This update has been submitted for stable by bodhi.

2 years ago

This update has been pushed to stable.

2 years ago

Please login to add feedback.

Metadata

Type

security

Severity

medium

Karma

Signed

Content Type

RPM

Test Gating

ignored

Autopush Settings

Unstable by Karma

-3

Stable by Karma

Stable by Time

7 days

Dates

submitted

2 years ago

in testing

2 years ago

in stable

2 years ago

modified

2 years ago

approved

2 years ago

Builds

php-8.1.16-1.fc36

BZ#2170761 CVE-2023-0662 php: DoS vulnerability when parsing multipart request body

BZ#2170770 CVE-2023-0568 php: 1-byte array overrun in common path resolve code

BZ#2170771 CVE-2023-0567 php: Password_verify() always return true with some hash

BZ#2170775 CVE-2023-0567 php: Password_verify() always return true with some hash [fedora-36]

BZ#2170777 CVE-2023-0662 php: DoS vulnerability when parsing multipart request body [fedora-36]

BZ#2170779 CVE-2023-0568 php: 1-byte array overrun in common path resolve code [fedora-36]

php-8.1.16-1.fc36

Automated Test Results

ignored