RHSA-2007:0088 Red Hat Security Advisory: php security update
Bulletin has no description...
RHSA-2006:0731 Red Hat Security Advisory: php security update
Bulletin has no description...
RHSA-2007:0076 Red Hat Security Advisory: php security update
Bulletin has no description...
OESA-2024-2085 php security update
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
Medium: php8.1
Issue Overview: The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/138...
CLSA-2024-1720547899 Update of alt-php
Resolve multiple test failures - debian/rules: re-build test certificates before dh_auto_test, remove silencing of failing tests - debian/control: build-depend on libnsspem to be able to read PEM certificates in build-nss - debian/patches/update-test-certs-generation.patch: update keysize and diges...
CLSA-2024-1718192341 Update of alt-php
Bump epoch Disable ESM notification after installation: - remove ESM hook for apt-system - remove ESM infra/apps repositories from apt sources list Automatically mark some pytest to skip if FIPS kernel is running in a disabled state they always fail in this mode...
TellYouThePass Ransomware Exploits Critical PHP Flaw, Patch NOW
Urgent alert for PHP users: Update your server immediately to protect against the newly exploited CVE-2024-4577 by TellYouThePass…...
[slackware-security] php
New php packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: extra/php81/php81-8.1.29-i586-1slack15.0.txz: Upgraded. This update fixes bugs and security issues: Bypass of CVE-2012-1823, Argument Injection in PHP-CGI...
SUSE-SU-2024:1445-1 Security update for php74
This update for php74 fixes the following issues: - CVE-2024-2756: Fixed bypass of the security fix applied for CVE-2022-31629 that led PHP to treat insecure cookies as secure (bsc#1222857) - CVE-2024-3096: Fixed bypass on null byte leading passwords checked via password_verify (bsc#1222858)...
USN-6305-2 php7.0, php7.2, php7.4 vulnerabilities
USN-6305-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: It was discovered that PHP incorrectly handled certain XML files. An attacker could possibly use this issue to...
CLSA-2024-1705941083 Update of alt-php
Update ca-certificates database to 20231207: - mozilla/certdata.txt,nssckbi.h: Update Mozilla certificate authority bundle of the version 2.64. - The following certificates were updated: Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068" - The following certificates authoriti...
Medium: php
Issue Overview: Several flaws have been found in php. The pdo_firebase module does not check the length of the server version string in a response packet, causing a stack buffer overflow; does not verify the data and uses the wrong type to cast length, leading to a crash; and does not validate the...
Important: php
Issue Overview: In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, the password_verify function may accept some invalid Blowfish hashes as valid. If such an invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid...
CLSA-2023-1693420133 Update of alt-php
Fixed possible memory leak - debian/patches/fix-possible-memory-leak.patch: added DestroyDrawInfo call when StringToList returns error...
DSA-5425-1 php8.2 - security update
Bulletin has no description...
CLSA-2023-1684824309 Update of alt-php
Universal build for Ubuntu/Debian...
CLSA-2023-1684823891 Update of alt-php
Universal build for Ubuntu/Debian...
MGASA-2023-0013 Updated php packages fix security vulnerability
Update to php version 8.0.27 fixes PDO/SQLite, where PDO::quote may return an unquoted string. See the referenced changelog for other changes...
new module: php:8.0
An update is available for php-pear, php-pecl-rrd, php, php-pecl-apcu, libzip, php-pecl-xdebug3, php-pecl-zip. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Th...