Test ID:	1.3.6.1.4.1.25623.1.0.886595
Category:	Fedora Local Security Checks
Title:	Fedora: Security Advisory (FEDORA-2024-5e8ae0def0)
Summary:	The remote host is missing an update for the 'php' package(s) announced via the FEDORA-2024-5e8ae0def0 advisory.
Description:	Summary: The remote host is missing an update for the 'php' package(s) announced via the FEDORA-2024-5e8ae0def0 advisory. Vulnerability Insight: **PHP version 8.3.6** (11 Apr 2024) **Core:** * Fixed [GH-13569]([link moved to references]) (GC buffer unnecessarily grows up to GC_MAX_BUF_SIZE when scanning WeakMaps). (Arnaud) * Fixed bug [GH-13612]([link moved to references]) (Corrupted memory in destructor with weak references). (nielsdos) * Fixed bug [GH-13446]([link moved to references]) (Restore exception handler after it finishes). (ilutov) * Fixed bug [GH-13784]([link moved to references]) (AX_GCC_FUNC_ATTRIBUTE failure). (Remi) * Fixed bug [GH-13670]([link moved to references]) (GC does not scale well with a lot of objects created in destructor). (Arnaud) **DOM:** * Add some missing ZPP checks. (nielsdos) * Fix potential memory leak in XPath evaluation results. (nielsdos) **FPM:** * Fixed [GH-11086]([link moved to references]) (FPM: config test runs twice in daemonised mode). (Jakub Zelenka) * Fix incorrect check in fpm_shm_free(). (nielsdos) **GD:** * Fixed bug [GH-12019]([link moved to references]) (add GDLIB_CFLAGS in feature tests). (Michael Orlitzky) **Gettext:** * Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5 with category set to LC_ALL. (David Carlier) **MySQLnd:** * Fix [GH-13452]([link moved to references]) (Fixed handshake response [mysqlnd]). (Saki Takamachi) * Fix incorrect charset length in check_mb_eucjpms(). (nielsdos) **Opcache:** * Fixed [GH-13508]([link moved to references]) (JITed QM_ASSIGN may be optimized out when op1 is null). (Arnaud, Dmitry) * Fixed [GH-13712]([link moved to references]) (Segmentation fault for enabled observers when calling trait method of internal trait when opcache is loaded). (Bob) **Random:** * Fixed bug [GH-13544]([link moved to references]) (Pre-PHP 8.2 compatibility for mt_srand with unknown modes). (timwolla) * Fixed bug [GH-13690]([link moved to references]) (Global Mt19937 is not properly reset in-between requests when MT_RAND_PHP is used). (timwolla) **Session:** * Fixed bug [GH-13680]([link moved to references]) (Segfault with session_decode and compilation error). (nielsdos) **SPL:** * Fixed bug [GH-13685]([link moved to references]) (Unexpected null pointer in zend_string.h). (nielsdos) **Standard:** * Fixed bug [GH-11808]([link moved to references]) (Live filesystem modified by tests). (nielsdos) * Fixed [GH-13402]([link moved to references]) (Added validation of `\n` in $additional_headers of mail()). (SakiTakamachi) * Fixed bug [GH-13203]([link moved to references]) (file_put_contents fail on strings over 4GB on Windows). (divinity76) * Fixed bug [GHSA-pc52-254m-w9w7]([link moved to references]) (Command injection via array-ish $command parameter of proc_open). (CVE-2024-1874) (Jakub Zelenka) * Fixed bug [GHSA-wpj3-hf5j-x4v4]([link moved to references]) (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix). (**CVE-2024-2756**) (nielsdos) * Fixed bug [GHSA-h746-cjrr-wfmr]([link moved to ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'php' package(s) on Fedora 40. Solution: Please install the updated package(s). CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2022-31629 Debian Security Information: DSA-5277 (Google Search) https://www.debian.org/security/2022/dsa-5277 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNIEABBH5XCXLFWWZYIDE457SPEDZTXV/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VI3E6A3ZTH2RP7OMLJHSVFIEQBIFM6RF/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2L5SUVYGAKSWODUQPZFBUB3AL6E6CSEV/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSJVPJTX7T3J5V7XHR4MFNHZGP44R5XE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJZK3X6B7FBE32FETDSMRLJXTFTHKWSY/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGWIK3HMBACERGB4TSBB2JUOMPYY2VKY/ https://security.gentoo.org/glsa/202211-03 https://bugs.php.net/bug.php?id=81727 https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html http://www.openwall.com/lists/oss-security/2024/04/12/11 Common Vulnerability Exposure (CVE) ID: CVE-2024-1874 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/ https://github.com/php/php-src/security/advisories/GHSA-pc52-254m-w9w7 http://www.openwall.com/lists/oss-security/2024/06/07/1 Common Vulnerability Exposure (CVE) ID: CVE-2024-2756 https://github.com/php/php-src/security/advisories/GHSA-wpj3-hf5j-x4v4 https://lists.debian.org/debian-lts-announce/2024/05/msg00005.html Common Vulnerability Exposure (CVE) ID: CVE-2024-2757 https://github.com/php/php-src/security/advisories/GHSA-fjp9-9hwx-59fq Common Vulnerability Exposure (CVE) ID: CVE-2024-3096 https://github.com/php/php-src/security/advisories/GHSA-h746-cjrr-wfmr
Copyright	Copyright (C) 2024 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.