RHEL-66589

php:7.4 update for low/moderate security

    • Story
    • Resolution: Done-Errata
    • Undefined
    • rhel-8.10.z
    • None
    • php-7.4-module
    • None
    • None
    • Rebase
    • rhel-sst-cs-stacks
    • ssg_core_services
    • 3
    • False

      List of CVEs needing backport

      From 8.1.30

      • CVE-2024-8927 cgi.force_redirect configuration is bypassable due to the environment variable collision
      • CVE-2024-9026 Logs from children may be altered
      • CVE-2024-8925 Erroneous parsing of multipart form data

      From 8.1.29

      • CVE-2024-5458 Filter bypass in filter_var FILTER_VALIDATE_URL

      From 8.1.28

      • CVE-2024-2756 __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix
      • CVE-2024-3096 password_verify can erroneously return true, opening ATO risk

      From 8.0.30

      • CVE-2023-3823 Security issue with external entity loading in XML without enabling i
      • CVE-2023-3824 Buffer mismanagement in phar_dir_read()

      From 8.0.29

      • CVE-2023-3247 Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP

      From 8.0.28

      • CVE-2023-0567 Password_verify() always returns true with some hash
      • CVE-2023-0568 1-byte array overrun in common path resolve code
      • CVE-2023-0662 DoS vulnerability when parsing multipart request body

              Remi Collet (rcollet@redhat.com)
              Iveta Cesalova