Slackware Local Security Checks : Slackware: Security Advisory (SSA:2022-304-02)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.13.2022.304.02

Categoría: Slackware Local Security Checks

Título: Slackware: Security Advisory (SSA:2022-304-02)

Resumen: The remote host is missing an update for the 'php80/php81' package(s) announced via the SSA:2022-304-02 advisory.

Descripción: Summary:
The remote host is missing an update for the 'php80/php81' package(s) announced via the SSA:2022-304-02 advisory.

Vulnerability Insight:
New php80/php81 packages are available for Slackware 15.0 and -current to
fix security issues.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
extra/php80/php80-8.0.25-i586-1_slack15.0.txz: Upgraded.
This update fixes security issues:
GD: OOB read due to insufficient input validation in imageloadfont().
Hash: buffer overflow in hash_update() on long parameter.
For more information, see:
[links moved to references]
(* Security fix *)
extra/php81/php81-8.1.12-i586-1_slack15.0.txz: Upgraded.
This update fixes security issues:
GD: OOB read due to insufficient input validation in imageloadfont().
Hash: buffer overflow in hash_update() on long parameter.
For more information, see:
[links moved to references]
(* Security fix *)
+--------------------------+

Affected Software/OS:
'php80/php81' package(s) on Slackware 15.0, Slackware current.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2022-31630
https://bugs.php.net/bug.php?id=81739
Common Vulnerability Exposure (CVE) ID: CVE-2022-37454
https://security.gentoo.org/glsa/202305-02
https://csrc.nist.gov/projects/hash-functions/sha-3-project
https://eprint.iacr.org/2023/331
https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658
https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html
https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/
https://mouha.be/sha-3-buffer-overflow/
https://news.ycombinator.com/item?id=33281106
https://news.ycombinator.com/item?id=35050307
https://www.debian.org/security/2022/dsa-5267
https://www.debian.org/security/2022/dsa-5269

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.13.2022.304.02
Categoría:	Slackware Local Security Checks
Título:	Slackware: Security Advisory (SSA:2022-304-02)
Resumen:	The remote host is missing an update for the 'php80/php81' package(s) announced via the SSA:2022-304-02 advisory.
Descripción:	Summary: The remote host is missing an update for the 'php80/php81' package(s) announced via the SSA:2022-304-02 advisory. Vulnerability Insight: New php80/php81 packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: +--------------------------+ extra/php80/php80-8.0.25-i586-1_slack15.0.txz: Upgraded. This update fixes security issues: GD: OOB read due to insufficient input validation in imageloadfont(). Hash: buffer overflow in hash_update() on long parameter. For more information, see: [links moved to references] (* Security fix ) extra/php81/php81-8.1.12-i586-1_slack15.0.txz: Upgraded. This update fixes security issues: GD: OOB read due to insufficient input validation in imageloadfont(). Hash: buffer overflow in hash_update() on long parameter. For more information, see: [links moved to references] ( Security fix *) +--------------------------+ Affected Software/OS: 'php80/php81' package(s) on Slackware 15.0, Slackware current. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2022-31630 https://bugs.php.net/bug.php?id=81739 Common Vulnerability Exposure (CVE) ID: CVE-2022-37454 https://security.gentoo.org/glsa/202305-02 https://csrc.nist.gov/projects/hash-functions/sha-3-project https://eprint.iacr.org/2023/331 https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658 https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/ https://mouha.be/sha-3-buffer-overflow/ https://news.ycombinator.com/item?id=33281106 https://news.ycombinator.com/item?id=35050307 https://www.debian.org/security/2022/dsa-5267 https://www.debian.org/security/2022/dsa-5269
Copyright	Copyright (C) 2022 Greenbone AG