—–BEGIN PGP SIGNED MESSAGE—–
\nHash: SHA256<\/p>\n
====================================================================
\nRed Hat Security Advisory<\/p>\n
Synopsis: Important: rh-php73-php security and bug fix update
\nAdvisory ID: RHSA-2022:5491-01
\nProduct: Red Hat Software Collections
\nAdvisory URL: https:\/\/access.redhat.com\/errata\/RHSA-2022:5491
\nIssue date: 2022-07-04
\nCVE Names: CVE-2021-21703 CVE-2021-21707 CVE-2022-31625
\nCVE-2022-31626
\n====================================================================
\n1. Summary:<\/p>\n
An update for rh-php73-php is now available for Red Hat Software
\nCollections.<\/p>\n
Red Hat Product Security has rated this update as having a security impact
\nof Important. A Common Vulnerability Scoring System (CVSS) base score,
\nwhich gives a detailed severity rating, is available for each vulnerability
\nfrom the CVE link(s) in the References section.<\/p>\n
2. Relevant releases\/architectures:<\/p>\n
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) – ppc64le, s390x, x86_64
\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) – x86_64<\/p>\n
3. Description:<\/p>\n
PHP is an HTML-embedded scripting language commonly used with the Apache
\nHTTP Server.<\/p>\n
Security Fix(es):<\/p>\n
* php: password of excessive length triggers buffer overflow leading to RCE
\n(CVE-2022-31626)<\/p>\n
* php: Local privilege escalation via PHP-FPM (CVE-2021-21703)<\/p>\n
* php: special character breaks path in xml parsing (CVE-2021-21707)<\/p>\n
* php: uninitialized array in pg_query_params() leading to RCE
\n(CVE-2022-31625)<\/p>\n
For more details about the security issue(s), including the impact, a CVSS
\nscore, acknowledgments, and other related information, refer to the CVE
\npage(s) listed in the References section.<\/p>\n
Bug Fix(es):<\/p>\n
* rh-php73: rebase to 7.3.33 (BZ#2100753)<\/p>\n
4. Solution:<\/p>\n
For details on how to apply this update, which includes the changes
\ndescribed in this advisory, refer to:<\/p>\n
https:\/\/access.redhat.com\/articles\/11258<\/p>\n
After installing the updated packages, the httpd daemon must be restarted
\nfor the update to take effect.<\/p>\n
5. Bugs fixed (https:\/\/bugzilla.redhat.com\/):<\/p>\n
2016535 – CVE-2021-21703 php: Local privilege escalation via PHP-FPM
\n2026045 – CVE-2021-21707 php: special character breaks path in xml parsing
\n2098521 – CVE-2022-31625 php: uninitialized array in pg_query_params() leading to RCE
\n2098523 – CVE-2022-31626 php: password of excessive length triggers buffer overflow leading to RCE
\n2100753 – rh-php73: rebase to 7.3.33 [rhscl-3.8.z]\n
6. Package List:<\/p>\n
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):<\/p>\n
Source:
\nrh-php73-php-7.3.33-1.el7.src.rpm<\/p>\n
ppc64le:
\nrh-php73-php-7.3.33-1.el7.ppc64le.rpm
\nrh-php73-php-bcmath-7.3.33-1.el7.ppc64le.rpm
\nrh-php73-php-cli-7.3.33-1.el7.ppc64le.rpm
\nrh-php73-php-common-7.3.33-1.el7.ppc64le.rpm
\nrh-php73-php-dba-7.3.33-1.el7.ppc64le.rpm
\nrh-php73-php-dbg-7.3.33-1.el7.ppc64le.rpm
\nrh-php73-php-debuginfo-7.3.33-1.el7.ppc64le.rpm
\nrh-php73-php-devel-7.3.33-1.el7.ppc64le.rpm
\nrh-php73-php-embedded-7.3.33-1.el7.ppc64le.rpm
\nrh-php73-php-enchant-7.3.33-1.el7.ppc64le.rpm
\nrh-php73-php-fpm-7.3.33-1.el7.ppc64le.rpm
\nrh-php73-php-gd-7.3.33-1.el7.ppc64le.rpm
\nrh-php73-php-gmp-7.3.33-1.el7.ppc64le.rpm
\nrh-php73-php-intl-7.3.33-1.el7.ppc64le.rpm
\nrh-php73-php-json-7.3.33-1.el7.ppc64le.rpm
\nrh-php73-php-ldap-7.3.33-1.el7.ppc64le.rpm
\nrh-php73-php-mbstring-7.3.33-1.el7.ppc64le.rpm
\nrh-php73-php-mysqlnd-7.3.33-1.el7.ppc64le.rpm
\nrh-php73-php-odbc-7.3.33-1.el7.ppc64le.rpm
\nrh-php73-php-opcache-7.3.33-1.el7.ppc64le.rpm
\nrh-php73-php-pdo-7.3.33-1.el7.ppc64le.rpm
\nrh-php73-php-pgsql-7.3.33-1.el7.ppc64le.rpm
\nrh-php73-php-process-7.3.33-1.el7.ppc64le.rpm
\nrh-php73-php-pspell-7.3.33-1.el7.ppc64le.rpm
\nrh-php73-php-recode-7.3.33-1.el7.ppc64le.rpm
\nrh-php73-php-snmp-7.3.33-1.el7.ppc64le.rpm
\nrh-php73-php-soap-7.3.33-1.el7.ppc64le.rpm
\nrh-php73-php-xml-7.3.33-1.el7.ppc64le.rpm
\nrh-php73-php-xmlrpc-7.3.33-1.el7.ppc64le.rpm
\nrh-php73-php-zip-7.3.33-1.el7.ppc64le.rpm<\/p>\n
s390x:
\nrh-php73-php-7.3.33-1.el7.s390x.rpm
\nrh-php73-php-bcmath-7.3.33-1.el7.s390x.rpm
\nrh-php73-php-cli-7.3.33-1.el7.s390x.rpm
\nrh-php73-php-common-7.3.33-1.el7.s390x.rpm
\nrh-php73-php-dba-7.3.33-1.el7.s390x.rpm
\nrh-php73-php-dbg-7.3.33-1.el7.s390x.rpm
\nrh-php73-php-debuginfo-7.3.33-1.el7.s390x.rpm
\nrh-php73-php-devel-7.3.33-1.el7.s390x.rpm
\nrh-php73-php-embedded-7.3.33-1.el7.s390x.rpm
\nrh-php73-php-enchant-7.3.33-1.el7.s390x.rpm
\nrh-php73-php-fpm-7.3.33-1.el7.s390x.rpm
\nrh-php73-php-gd-7.3.33-1.el7.s390x.rpm
\nrh-php73-php-gmp-7.3.33-1.el7.s390x.rpm
\nrh-php73-php-intl-7.3.33-1.el7.s390x.rpm
\nrh-php73-php-json-7.3.33-1.el7.s390x.rpm
\nrh-php73-php-ldap-7.3.33-1.el7.s390x.rpm
\nrh-php73-php-mbstring-7.3.33-1.el7.s390x.rpm
\nrh-php73-php-mysqlnd-7.3.33-1.el7.s390x.rpm
\nrh-php73-php-odbc-7.3.33-1.el7.s390x.rpm
\nrh-php73-php-opcache-7.3.33-1.el7.s390x.rpm
\nrh-php73-php-pdo-7.3.33-1.el7.s390x.rpm
\nrh-php73-php-pgsql-7.3.33-1.el7.s390x.rpm
\nrh-php73-php-process-7.3.33-1.el7.s390x.rpm
\nrh-php73-php-pspell-7.3.33-1.el7.s390x.rpm
\nrh-php73-php-recode-7.3.33-1.el7.s390x.rpm
\nrh-php73-php-snmp-7.3.33-1.el7.s390x.rpm
\nrh-php73-php-soap-7.3.33-1.el7.s390x.rpm
\nrh-php73-php-xml-7.3.33-1.el7.s390x.rpm
\nrh-php73-php-xmlrpc-7.3.33-1.el7.s390x.rpm
\nrh-php73-php-zip-7.3.33-1.el7.s390x.rpm<\/p>\n
x86_64:
\nrh-php73-php-7.3.33-1.el7.x86_64.rpm
\nrh-php73-php-bcmath-7.3.33-1.el7.x86_64.rpm
\nrh-php73-php-cli-7.3.33-1.el7.x86_64.rpm
\nrh-php73-php-common-7.3.33-1.el7.x86_64.rpm
\nrh-php73-php-dba-7.3.33-1.el7.x86_64.rpm
\nrh-php73-php-dbg-7.3.33-1.el7.x86_64.rpm
\nrh-php73-php-debuginfo-7.3.33-1.el7.x86_64.rpm
\nrh-php73-php-devel-7.3.33-1.el7.x86_64.rpm
\nrh-php73-php-embedded-7.3.33-1.el7.x86_64.rpm
\nrh-php73-php-enchant-7.3.33-1.el7.x86_64.rpm
\nrh-php73-php-fpm-7.3.33-1.el7.x86_64.rpm
\nrh-php73-php-gd-7.3.33-1.el7.x86_64.rpm
\nrh-php73-php-gmp-7.3.33-1.el7.x86_64.rpm
\nrh-php73-php-intl-7.3.33-1.el7.x86_64.rpm
\nrh-php73-php-json-7.3.33-1.el7.x86_64.rpm
\nrh-php73-php-ldap-7.3.33-1.el7.x86_64.rpm
\nrh-php73-php-mbstring-7.3.33-1.el7.x86_64.rpm
\nrh-php73-php-mysqlnd-7.3.33-1.el7.x86_64.rpm
\nrh-php73-php-odbc-7.3.33-1.el7.x86_64.rpm
\nrh-php73-php-opcache-7.3.33-1.el7.x86_64.rpm
\nrh-php73-php-pdo-7.3.33-1.el7.x86_64.rpm
\nrh-php73-php-pgsql-7.3.33-1.el7.x86_64.rpm
\nrh-php73-php-process-7.3.33-1.el7.x86_64.rpm
\nrh-php73-php-pspell-7.3.33-1.el7.x86_64.rpm
\nrh-php73-php-recode-7.3.33-1.el7.x86_64.rpm
\nrh-php73-php-snmp-7.3.33-1.el7.x86_64.rpm
\nrh-php73-php-soap-7.3.33-1.el7.x86_64.rpm
\nrh-php73-php-xml-7.3.33-1.el7.x86_64.rpm
\nrh-php73-php-xmlrpc-7.3.33-1.el7.x86_64.rpm
\nrh-php73-php-zip-7.3.33-1.el7.x86_64.rpm<\/p>\n
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):<\/p>\n
Source:
\nrh-php73-php-7.3.33-1.el7.src.rpm<\/p>\n
x86_64:
\nrh-php73-php-7.3.33-1.el7.x86_64.rpm
\nrh-php73-php-bcmath-7.3.33-1.el7.x86_64.rpm
\nrh-php73-php-cli-7.3.33-1.el7.x86_64.rpm
\nrh-php73-php-common-7.3.33-1.el7.x86_64.rpm
\nrh-php73-php-dba-7.3.33-1.el7.x86_64.rpm
\nrh-php73-php-dbg-7.3.33-1.el7.x86_64.rpm
\nrh-php73-php-debuginfo-7.3.33-1.el7.x86_64.rpm
\nrh-php73-php-devel-7.3.33-1.el7.x86_64.rpm
\nrh-php73-php-embedded-7.3.33-1.el7.x86_64.rpm
\nrh-php73-php-enchant-7.3.33-1.el7.x86_64.rpm
\nrh-php73-php-fpm-7.3.33-1.el7.x86_64.rpm
\nrh-php73-php-gd-7.3.33-1.el7.x86_64.rpm
\nrh-php73-php-gmp-7.3.33-1.el7.x86_64.rpm
\nrh-php73-php-intl-7.3.33-1.el7.x86_64.rpm
\nrh-php73-php-json-7.3.33-1.el7.x86_64.rpm
\nrh-php73-php-ldap-7.3.33-1.el7.x86_64.rpm
\nrh-php73-php-mbstring-7.3.33-1.el7.x86_64.rpm
\nrh-php73-php-mysqlnd-7.3.33-1.el7.x86_64.rpm
\nrh-php73-php-odbc-7.3.33-1.el7.x86_64.rpm
\nrh-php73-php-opcache-7.3.33-1.el7.x86_64.rpm
\nrh-php73-php-pdo-7.3.33-1.el7.x86_64.rpm
\nrh-php73-php-pgsql-7.3.33-1.el7.x86_64.rpm
\nrh-php73-php-process-7.3.33-1.el7.x86_64.rpm
\nrh-php73-php-pspell-7.3.33-1.el7.x86_64.rpm
\nrh-php73-php-recode-7.3.33-1.el7.x86_64.rpm
\nrh-php73-php-snmp-7.3.33-1.el7.x86_64.rpm
\nrh-php73-php-soap-7.3.33-1.el7.x86_64.rpm
\nrh-php73-php-xml-7.3.33-1.el7.x86_64.rpm
\nrh-php73-php-xmlrpc-7.3.33-1.el7.x86_64.rpm
\nrh-php73-php-zip-7.3.33-1.el7.x86_64.rpm<\/p>\n
These packages are GPG signed by Red Hat for security. Our key and
\ndetails on how to verify the signature are available from
\nhttps:\/\/access.redhat.com\/security\/team\/key\/<\/p>\n
7. References:<\/p>\n
https:\/\/access.redhat.com\/security\/cve\/CVE-2021-21703
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2021-21707
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-31625
\nhttps:\/\/access.redhat.com\/security\/cve\/CVE-2022-31626
\nhttps:\/\/access.redhat.com\/security\/updates\/classification\/#important<\/p>\n
8. Contact:<\/p>\n
The Red Hat security contact is <secalert@redhat.com>. More contact
\ndetails at https:\/\/access.redhat.com\/security\/team\/contact\/<\/p>\n
Copyright 2022 Red Hat, Inc.
\n—–BEGIN PGP SIGNATURE—–
\nVersion: GnuPG v1<\/p>\n
iQIVAwUBYsLehtzjgjWX9erEAQiwyQ\/+PV7nIzWZKjc+4JLfk\/tF6u19j7lmxgo\/
\nrXR\/9UyeBFTas8Nd+19Q2xgJdEDheHED74zskj6lsMW8V8v7DEwP3QfbBrmsWAKl
\nHMahWfYEh6ZhpNMAxR1bc+z243unsHXb94b2Ed7oTNFewRxdkga1K+uhhvewfYaw
\n+yycxRapynaD0SUqtP6KDFirpX14iobazHynhVbiE1KMAv9pIkYlCLJmktnR18Pp
\n8UFEyGO05tovQqe38+9oVAFxnfq7f\/NTmrIJAOuYcS5Lu0B9g4yMrWWiL4XjmL3U
\nYWHhPm5dSRWXaKGF2JtCsQ7kShFcHj7pXnBQsoRT3GYimuYuZnR9fd3p6i1EUU6c
\n6oE8Uu5D2dH1iEdYtewohgTGYkUz\/IBT+f0d9Z6k0aQdroOGgczjBm8nc7pV580G
\n3ksyFzk58rOyPDlslrF0OtN2Xdq3Vn2InS\/EJeT6d1v0OMMn8Voezg7jE28jT\/qx
\n5tDKv98T4qD+IiurXBr\/PFEFkZxMzKFOo6MVtkIpLuJjPf2Guy\/8vO6KjUiR0ANE
\nGLtzbThZrV6js\/vurZr0oc7h+UdgcgVm69XlcUVi7rHij7WC0UOlbF0pYM+b805c
\nHU8AYV8+9FxSB88w49p2eg1iIn0CNfKi2YQL2Gyr4T9L09Eiuf\/y\/HrgwLg66t4X
\n4AC7K4v+QQw=KI2M
\n—–END PGP SIGNATURE—–
\n—
\nRHSA-announce mailing list
\nRHSA-announce@redhat.com
\nhttps:\/\/listman.redhat.com\/mailman\/listinfo\/rhsa-announce<\/p>\n","protected":false},"excerpt":{"rendered":"
—–BEGIN PGP SIGNED MESSAGE—– Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: rh-php73-php security and bug fix update Advisory ID: RHSA-2022:5491-01 Product: Red Hat Software Collections Advisory URL: https:\/\/access.redhat.com\/errata\/RHSA-2022:5491 Issue date: 2022-07-04 CVE Names: CVE-2021-21703 CVE-2021-21707 CVE-2022-31625 CVE-2022-31626 ==================================================================== 1. Summary: An update for rh-php73-php is now available for Red Hat Software Collections. Red …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-26526","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/26526","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=26526"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/26526\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=26526"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=26526"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=26526"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}