Gentoo FoundationMGASA-2022-0234Updated php packages fix security vulnerability
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.008 Low
EPSS
Percentile
81.7%
CLI -Fixed bug #8575 (CLI closes standard streams too early). Core -Fixed Haiku ZTS builds. Date -Fixed bug #8471 (Segmentation fault when converting immutable and mutable DateTime instances created using reflection). php-fpm - Fixed bug #72185 writes empty fcgi record causing nginx 502. Mysqlnd - Fixed bug #81719: mysqlnd/pdo password buffer overflow. (CVE-2022-31626) OPcache - Fixed bug #8466 (ini_get() is optimized out when the option does not exist). Pcntl - Fixed Haiku build. Pgsql - Fixed bug #81720: Uninitialized array in pg_query_params(). (CVE-2022-31625) Soap - Fixed bug #8578 (Error on wrong parameter on SoapHeader constructor). Fixed bug #8538 (SoapClient may strip parts of nmtokens). SPL - Fixed bug #8235 (iterator_count() may run indefinitely). Zip - Fixed type for index in ZipArchive::replaceFile.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Mageia | 8 | noarch | php | < 8.0.20-3 | php-8.0.20-3.mga8 |
Related
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.008 Low
EPSS
Percentile
81.7%