Slackware Linux Project: SSA-2022-304-02
Oct 31, 2022 - 11:47 p.m.

[slackware-security] php80/php81

2022-10-31 23:47:05
Slackware Linux Project
www.slackware.com

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.001 Low
Percentile: 26.6%

New php80/php81 packages are available for Slackware 15.0 and -current to
fix security issues.

Here are the details from the Slackware 15.0 ChangeLog:

extra/php80/php80-8.0.25-i586-1_slack15.0.txz: Upgraded.
This update fixes security issues:
GD: OOB read due to insufficient input validation in imageloadfont().
Hash: buffer overflow in hash_update() on long parameter.
For more information, see:
https://vulners.com/cve/CVE-2022-31630
https://vulners.com/cve/CVE-2022-37454
(* Security fix *)
extra/php81/php81-8.1.12-i586-1_slack15.0.txz: Upgraded.
This update fixes security issues:
GD: OOB read due to insufficient input validation in imageloadfont().
Hash: buffer overflow in hash_update() on long parameter.
For more information, see:
https://vulners.com/cve/CVE-2022-31630
https://vulners.com/cve/CVE-2022-37454
(* Security fix *)

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/extra/php80/php80-8.0.25-i586-1_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/extra/php81/php81-8.1.12-i586-1_slack15.0.txz

Updated packages for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/extra/php80/php80-8.0.25-x86_64-1_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/extra/php81/php81-8.1.12-x86_64-1_slack15.0.txz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/extra/php80/php80-8.0.25-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/extra/php81/php81-8.1.12-i586-1.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/extra/php80/php80-8.0.25-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/extra/php81/php81-8.1.12-x86_64-1.txz

MD5 signatures:

Slackware 15.0 packages:
b23d70e401d447049d4ebddf9d0e9773 extra/php80/php80-8.0.25-i586-1_slack15.0.txz
4adcc9f0172babd3bbb6be4101cb0cff extra/php81/php81-8.1.12-i586-1_slack15.0.txz

Slackware x86_64 15.0 packages:
6713ebe18a904ee150696bab8ca7815a extra/php80/php80-8.0.25-x86_64-1_slack15.0.txz
15295194e9dd48c48c7baf7baec043a6 extra/php81/php81-8.1.12-x86_64-1_slack15.0.txz

Slackware -current packages:
a5c76cb0f98f399c0237473b4c4f5649 extra/php80/php80-8.0.25-i586-1.txz
754154a952fc39ee2186accd80490609 extra/php81/php81-8.1.12-i586-1.txz

Slackware x86_64 -current packages:
f18301c18eb474c6dc61d0f881edc2e3 extra/php80/php80-8.0.25-x86_64-1.txz
b9b216076ddcd7a7c1408b1b5f97286e extra/php81/php81-8.1.12-x86_64-1.txz

Installation instructions:

Upgrade the package as root:
> upgradepkg php80-8.0.25-i586-1_slack15.0.txz

Then, restart Apache httpd:
> /etc/rc.d/rc.httpd stop
> /etc/rc.d/rc.httpd start
