Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2022-0234)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2022.0234

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2022-0234)

Resumen: The remote host is missing an update for the 'php' package(s) announced via the MGASA-2022-0234 advisory.

Descripción: Summary:
The remote host is missing an update for the 'php' package(s) announced via the MGASA-2022-0234 advisory.

Vulnerability Insight:
CLI -Fixed bug #8575 (CLI closes standard streams too early).
Core -Fixed Haiku ZTS builds.
Date -Fixed bug #8471 (Segmentation fault when converting immutable and
mutable DateTime instances created using reflection).
php-fpm - Fixed bug #72185 writes empty fcgi record causing nginx 502.
Mysqlnd - Fixed bug #81719: mysqlnd/pdo password buffer overflow.
(CVE-2022-31626)
OPcache - Fixed bug #8466 (ini_get() is optimized out when the option does
not exist).
Pcntl - Fixed Haiku build.
Pgsql - Fixed bug #81720: Uninitialized array in pg_query_params().
(CVE-2022-31625)
Soap - Fixed bug #8578 (Error on wrong parameter on SoapHeader
constructor).
Fixed bug #8538 (SoapClient may strip parts of nmtokens).
SPL - Fixed bug #8235 (iterator_count() may run indefinitely).
Zip - Fixed type for index in ZipArchive::replaceFile.

Affected Software/OS:
'php' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2022-31625
Debian Security Information: DSA-5179 (Google Search)
https://www.debian.org/security/2022/dsa-5179
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZZTZQKRGEYJT5UB4FGG3MOE72SQUHSL4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3T4MMEEZYYAEHPQMZDFN44PHORJWJFZQ/
https://security.gentoo.org/glsa/202209-20
https://bugs.php.net/bug.php?id=81720
https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html
Common Vulnerability Exposure (CVE) ID: CVE-2022-31626
https://bugs.php.net/bug.php?id=81719

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2022.0234
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2022-0234)
Resumen:	The remote host is missing an update for the 'php' package(s) announced via the MGASA-2022-0234 advisory.
Descripción:	Summary: The remote host is missing an update for the 'php' package(s) announced via the MGASA-2022-0234 advisory. Vulnerability Insight: CLI -Fixed bug #8575 (CLI closes standard streams too early). Core -Fixed Haiku ZTS builds. Date -Fixed bug #8471 (Segmentation fault when converting immutable and mutable DateTime instances created using reflection). php-fpm - Fixed bug #72185 writes empty fcgi record causing nginx 502. Mysqlnd - Fixed bug #81719: mysqlnd/pdo password buffer overflow. (CVE-2022-31626) OPcache - Fixed bug #8466 (ini_get() is optimized out when the option does not exist). Pcntl - Fixed Haiku build. Pgsql - Fixed bug #81720: Uninitialized array in pg_query_params(). (CVE-2022-31625) Soap - Fixed bug #8578 (Error on wrong parameter on SoapHeader constructor). Fixed bug #8538 (SoapClient may strip parts of nmtokens). SPL - Fixed bug #8235 (iterator_count() may run indefinitely). Zip - Fixed type for index in ZipArchive::replaceFile. Affected Software/OS: 'php' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2022-31625 Debian Security Information: DSA-5179 (Google Search) https://www.debian.org/security/2022/dsa-5179 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZZTZQKRGEYJT5UB4FGG3MOE72SQUHSL4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3T4MMEEZYYAEHPQMZDFN44PHORJWJFZQ/ https://security.gentoo.org/glsa/202209-20 https://bugs.php.net/bug.php?id=81720 https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html Common Vulnerability Exposure (CVE) ID: CVE-2022-31626 https://bugs.php.net/bug.php?id=81719
Copyright	Copyright (C) 2022 Greenbone AG