CVE-2023-0662

Published: 16/02/2023 Updated: 17/05/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

In PHP 8.0.X prior to 8.0.28, 8.1.X prior to 8.1.16 and 8.2.X prior to 8.2.3, an excessive number of parts in an HTTP form upload can cause high resource consumption and an excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space.

Vulnerable Product

php php

Vendor Advisories

Debian Bug report logs - #1031368 php8.2: CVE-2023-0567 CVE-2023-0568 CVE-2023-0662. Package: src:php8.2; Maintainer for src:php8.2 is Debian PHP Maintainers <team+pkg-php@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>. Date: Wed, 15 Feb 2023 21:30:02 UTC. Severity: grave. Tags: security, upst ...
Synopsis: Important: php security update. Type/Severity: Security Advisory: Important. Topic: An update for php is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security ...
Synopsis: Important: php:8.0 security update. Type/Severity: Security Advisory: Important. Topic: An update for the php:8.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update a ...
Synopsis: Moderate: php:8.1 security update. Type/Severity: Security Advisory: Moderate. Topic: An update for the php:8.1 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as ...
Multiple security issues were found in PHP, a widely-used open source general purpose scripting language, which could result in denial of service or incorrect validation of BCrypt hashes. For the stable distribution (bullseye), these problems have been fixed in version 7.4.33-1+deb11u3. We recommend that you upgrade your php7.4 packages. For the det ...
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space (CVE-2023-0662) ...
Description: The MITRE CVE dictionary describes this issue as: In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space ...
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could cre ...
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid (CVE-2023-0567). In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 ...