Lucene search

K
mageiaGentoo FoundationMGASA-2022-0362
HistoryOct 08, 2022 - 11:22 p.m.

Updated php packages fix security vulnerability

2022-10-0823:22:22
Gentoo Foundation
advisories.mageia.org
81
php
packages
security
vulnerability
fix
bug
segmentation fault
cve-2022-31629
double free
error
dos
resource
reflectionfunction
closure
status line
unix

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS

0.006

Percentile

79.3%

Core Fixed bug GH-9323 (Crash in ZEND_RETURN/GC/zend_call_function) Fixed bug GH-9361 (Segmentation fault on script exit #9379). Fixed bug GH-9407 (LSP error in eval’d code refers to wrong class for static type). Fixed bug #81727: Don’t mangle HTTP variable names that clash with ones that have a specific semantic meaning. (CVE-2022-31629) DOM Fixed bug #79451 (DOMDocument->replaceChild on doctype causes double free). FPM Fixed bug GH-8885 (FPM access.log with stderr begins to write logs to error_log after daemon reload). Fixed bug #77780 (“Headers already sent…” when previous connection was aborted). GMP Fixed bug GH-9308 (GMP throws the wrong error when a GMP object is passed to gmp_init()). Intl Fixed bug GH-9421 (Incorrect argument number for ValueError in NumberFormatter). Phar Fixed bug #81726: phar wrapper: DOS when using quine gzip file. (CVE-2022-31628) PDO_PGSQL Fixed bug GH-9411 (PgSQL large object resource is incorrectly closed). Reflection Fixed bug GH-8932 (ReflectionFunction provides no way to get the called class of a Closure). Fixed bug GH-9409 (Private method is incorrectly dumped as “overwrites”). Streams Fixed bug GH-9316 ($http_response_header is wrong for long status line).

OSVersionArchitecturePackageVersionFilename
Mageia8noarchphp< 8.0.24-1php-8.0.24-1.mga8

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS

0.006

Percentile

79.3%