Download
| Alert*
oval:org.secpod.oval:def:705691
php7.4: server-side, HTML-embedded scripting language - php7.2: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:89000118 This update for php7 fixes the following issues: - CVE-2020-7069: Fixed an issue when AES-CCM mode was used with openssl_encrypt function with 12 bytes IV, only first 7 bytes of the IV was used . - CVE-2020-7070: Fixed an issue where percent-encoded cookies could have been used to overwrite existing ... oval:org.secpod.oval:def:76632 In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data. oval:org.secpod.oval:def:605443 Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in denial of service, information disclosure, cookie forgery or incorrect encryption. oval:org.secpod.oval:def:2003693 In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data. oval:org.secpod.oval:def:1505215 libzip php [7.4.19-1] - rebase to 7.4.19 #1944110 oval:org.secpod.oval:def:67033 php7.4: server-side, HTML-embedded scripting language - php7.2: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:2500993 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. oval:org.secpod.oval:def:69874 Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in denial of service, information disclosure, cookie forgery or incorrect encryption. oval:org.secpod.oval:def:2106194 Oracle Solaris 11 - ( CVE-2020-7069 ) oval:org.secpod.oval:def:506281 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: rh-php73-php . Security Fix: * php: Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV * php: FILTER_VALIDATE_URL accepts URLs with ... oval:org.secpod.oval:def:1601207 In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data. In PHP versions 7.2.x below ... oval:org.secpod.oval:def:118777 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:506466 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php . Security Fix: * php: Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV * php: FILTER_VALIDATE_URL accepts URLs with invalid ... oval:org.secpod.oval:def:4501298 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php . Security Fix: * php: Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV * php: FILTER_VALIDATE_URL accepts URLs with invalid ... oval:org.secpod.oval:def:76224 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php . Security Fix: * php: Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV * php: FILTER_VALIDATE_URL accepts URLs with invalid ... oval:org.secpod.oval:def:705726 php7.4: server-side, HTML-embedded scripting language Details: USN-4583-1 fixed vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 20.10. Original advisory Several security issues were fixed in PHP. oval:org.secpod.oval:def:3300866 SUSE Security Update: Security update for php7 oval:org.secpod.oval:def:89047906 This update for php7 fixes the following issues: - Version update to 7.2.34 [jsc#SLE-23639] - CVE-2022-37454: Fixed SHA-3 buffer overflow . - Fix integer overflow in PHP_SHA3##bits . oval:org.secpod.oval:def:89047905 This update for php7 fixes the following issues: - Version update to 7.4.33: - CVE-2022-31630: Fixed out-of-bounds read due to insufficient input validation in imageloadfont . - CVE-2022-37454: Fixed buffer overflow in hash_update on long parameter . - Version update to 7.4.32 - CVE-2022-31628: Fix ... oval:org.secpod.oval:def:3300388 SUSE Security Update: Security update for php7 |