Slackware Local Security Checks : Slackware: Security Advisory (SSA:2022-304-02)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.13.2022.304.02

Kategorie: Slackware Local Security Checks

Titel: Slackware: Security Advisory (SSA:2022-304-02)

Zusammenfassung: The remote host is missing an update for the 'php80/php81' package(s) announced via the SSA:2022-304-02 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'php80/php81' package(s) announced via the SSA:2022-304-02 advisory.

Vulnerability Insight:
New php80/php81 packages are available for Slackware 15.0 and -current to
fix security issues.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
extra/php80/php80-8.0.25-i586-1_slack15.0.txz: Upgraded.
This update fixes security issues:
GD: OOB read due to insufficient input validation in imageloadfont().
Hash: buffer overflow in hash_update() on long parameter.
For more information, see:
[links moved to references]
(* Security fix *)
extra/php81/php81-8.1.12-i586-1_slack15.0.txz: Upgraded.
This update fixes security issues:
GD: OOB read due to insufficient input validation in imageloadfont().
Hash: buffer overflow in hash_update() on long parameter.
For more information, see:
[links moved to references]
(* Security fix *)
+--------------------------+

Affected Software/OS:
'php80/php81' package(s) on Slackware 15.0, Slackware current.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2022-31630
https://bugs.php.net/bug.php?id=81739
Common Vulnerability Exposure (CVE) ID: CVE-2022-37454
https://security.gentoo.org/glsa/202305-02
https://csrc.nist.gov/projects/hash-functions/sha-3-project
https://eprint.iacr.org/2023/331
https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658
https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html
https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/
https://mouha.be/sha-3-buffer-overflow/
https://news.ycombinator.com/item?id=33281106
https://news.ycombinator.com/item?id=35050307
https://www.debian.org/security/2022/dsa-5267
https://www.debian.org/security/2022/dsa-5269

Copyright Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.13.2022.304.02
Kategorie:	Slackware Local Security Checks
Titel:	Slackware: Security Advisory (SSA:2022-304-02)
Zusammenfassung:	The remote host is missing an update for the 'php80/php81' package(s) announced via the SSA:2022-304-02 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'php80/php81' package(s) announced via the SSA:2022-304-02 advisory. Vulnerability Insight: New php80/php81 packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: +--------------------------+ extra/php80/php80-8.0.25-i586-1_slack15.0.txz: Upgraded. This update fixes security issues: GD: OOB read due to insufficient input validation in imageloadfont(). Hash: buffer overflow in hash_update() on long parameter. For more information, see: [links moved to references] (* Security fix ) extra/php81/php81-8.1.12-i586-1_slack15.0.txz: Upgraded. This update fixes security issues: GD: OOB read due to insufficient input validation in imageloadfont(). Hash: buffer overflow in hash_update() on long parameter. For more information, see: [links moved to references] ( Security fix *) +--------------------------+ Affected Software/OS: 'php80/php81' package(s) on Slackware 15.0, Slackware current. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2022-31630 https://bugs.php.net/bug.php?id=81739 Common Vulnerability Exposure (CVE) ID: CVE-2022-37454 https://security.gentoo.org/glsa/202305-02 https://csrc.nist.gov/projects/hash-functions/sha-3-project https://eprint.iacr.org/2023/331 https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658 https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/ https://mouha.be/sha-3-buffer-overflow/ https://news.ycombinator.com/item?id=33281106 https://news.ycombinator.com/item?id=35050307 https://www.debian.org/security/2022/dsa-5267 https://www.debian.org/security/2022/dsa-5269
Copyright	Copyright (C) 2022 Greenbone AG