FEDORA-2023-d12ff09d38 — security update for php

stable

php-8.1.16-1.fc36

FEDORA-2023-d12ff09d38 created by remi a month ago for Fedora 36

PHP version 8.1.16 (14 Feb 2023)

Core:

Fixed bug #81744 (Password_verify() always return true with some hash). (CVE-2023-0567). (Tim Düsterhus)
Fixed bug #81746 (1-byte array overrun in common path resolve code). (CVE-2023-0568). (Niels Dossche)
Fixed bug GHSA-54hq-v5wp-fqgv (DOS vulnerability when parsing multipart request body). (CVE-2023-0662) (Jakub Zelenka)

How to install

sudo dnf upgrade --refresh --advisory=FEDORA-2023-d12ff09d38

This update has been submitted for testing by remi.

a month ago

This update's test gating status has been changed to 'ignored'.

a month ago

This update has been pushed to testing.

a month ago

remi edited this update.

a month ago

remi edited this update.

a month ago

This update has been submitted for stable by bodhi.

a month ago

This update has been pushed to stable.

a month ago

Please login to add feedback.

Metadata

Type

security

Severity

medium

Karma

Signed

Content Type

RPM

Test Gating

ignored

Builds

php-8.1.16-1.fc36

Settings

Unstable by Karma

-3

Stable by Karma

Stable by Time

7 days

Dates

submitted

a month ago

in testing

a month ago

in stable

a month ago

modified

a month ago

approved

a month ago

BZ#2170761 CVE-2023-0662 php: DoS vulnerability when parsing multipart request body

BZ#2170770 CVE-2023-0568 php: 1-byte array overrun in common path resolve code

BZ#2170771 CVE-2023-0567 php: Password_verify() always return true with some hash

BZ#2170775 CVE-2023-0567 php: Password_verify() always return true with some hash [fedora-36]

BZ#2170777 CVE-2023-0662 php: DoS vulnerability when parsing multipart request body [fedora-36]

BZ#2170779 CVE-2023-0568 php: 1-byte array overrun in common path resolve code [fedora-36]

php-8.1.16-1.fc36

Automated Test Results

ignored