ELSA-2024-10952

ELSA-2024-10952 - php:7.4 security update

Type:	SECURITY
Severity:	MODERATE
Release Date:	2024-12-12

Description

libzip
[1.6.1-1]
- update to 1.6.1
- enable lzma support

php
[7.4.33-2]
- fix low/moderate CVEs
RHEL-66589
- Fix cgi.force_redirect configuration is bypassable due to the environment variable collision
CVE-2024-8927
- Fix Logs from childrens may be altered
CVE-2024-9026
- Fix Erroneous parsing of multipart form data
CVE-2024-8925
- Fix filter bypass in filter_var FILTER_VALIDATE_URL
CVE-2024-5458
- Fix __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix
CVE-2024-2756
- Fix password_verify can erroneously return true opening ATO risk
CVE-2024-3096
- Fix Security issue with external entity loading in XML without enabling it
CVE-2023-3823
- Fix Buffer mismanagement in phar_dir_read()
CVE-2023-3824
- Fix Missing error check and insufficient random bytes in HTTP Digest
authentication for SOAP
CVE-2023-3247
- fix #81744: Password_verify() always return true with some hash
CVE-2023-0567
- fix #81746: 1-byte array overrun in common path resolve code
CVE-2023-0568
- fix DOS vulnerability when parsing multipart request body
CVE-2023-0662

php-pear
[1:1.10.13-1]
- update PEAR to 1.10.13
- update Archive_Tar to 1.4.14

php-pecl-apcu
[5.1.18-1]
- update to 5.1.18

php-pecl-rrd
[2.0.1-1]
- build for RHEL 8

php-pecl-xdebug
php-pecl-zip
[1.18.2-1]
- update to 1.18.2

Related CVEs

CVE-2024-2756

CVE-2024-5458

CVE-2024-8925

CVE-2023-3824

CVE-2023-3823

CVE-2024-9026

CVE-2024-8927

CVE-2023-0567

CVE-2023-3247

CVE-2023-0568

CVE-2024-3096

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory	Channel Label
Oracle Linux 8 (aarch64)	libzip-1.6.1-1.module+el8.10.0+90472+f810484b.src.rpm	eb7e709c7e0a3eb839ec1b302f3a2b9b	-	ol8_aarch64_appstream
	php-7.4.33-2.module+el8.10.0+90472+f810484b.src.rpm	544ab6fd3173e771907de5323fdd90b9	-	ol8_aarch64_appstream
	php-pear-1.10.13-1.module+el8.10.0+90472+f810484b.src.rpm	e801c4eac76c655d690c8c46f4153ce6	-	ol8_aarch64_appstream
	php-pecl-apcu-5.1.18-1.module+el8.10.0+90472+f810484b.src.rpm	33546d18487634f5bd6634562e77e395	-	ol8_aarch64_appstream
	php-pecl-rrd-2.0.1-1.module+el8.10.0+90472+f810484b.src.rpm	ec22092bf62505a75613c19bebf872da	-	ol8_aarch64_appstream
	php-pecl-xdebug-2.9.5-1.module+el8.10.0+90472+f810484b.src.rpm	9d200d0732a50f61f1841365d1878bac	-	ol8_aarch64_appstream
	php-pecl-zip-1.18.2-1.module+el8.10.0+90472+f810484b.src.rpm	1c55c541f744fe801e7999e589081026	-	ol8_aarch64_appstream
	apcu-panel-5.1.18-1.module+el8.10.0+90472+f810484b.noarch.rpm	98bb74de1a748a7f5a4c2bbf9194b89c	-	ol8_aarch64_appstream
	libzip-1.6.1-1.module+el8.10.0+90472+f810484b.aarch64.rpm	ed417ab21afe91b447f9c7df920b395c	-	ol8_aarch64_appstream
	libzip-devel-1.6.1-1.module+el8.10.0+90472+f810484b.aarch64.rpm	ee9a7e1af6875741923912604dbbd560	-	ol8_aarch64_appstream
	libzip-tools-1.6.1-1.module+el8.10.0+90472+f810484b.aarch64.rpm	c0233a8fe1827528997b41dc35ada705	-	ol8_aarch64_appstream
	php-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm	009d0e00a0490cd1cb95de0d969c013a	-	ol8_aarch64_appstream
	php-bcmath-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm	3ffb365c6b12347374eec36e72886e92	-	ol8_aarch64_appstream
	php-cli-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm	31d62c2325cc04d2baa14cb9b23830dc	-	ol8_aarch64_appstream
	php-common-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm	4694b9d0a5e683ab7d61b47d8a7c3d2c	-	ol8_aarch64_appstream
	php-dba-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm	c373a10e4fd201f3c717fb13edf16249	-	ol8_aarch64_appstream
	php-dbg-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm	ee46e7e48ea8b67091d7200774069c30	-	ol8_aarch64_appstream
	php-devel-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm	3ec8934369d806e21ec8a0ce88a2d2c1	-	ol8_aarch64_appstream
	php-embedded-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm	da5eac9655e916dcf782e396085f2aac	-	ol8_aarch64_appstream
	php-enchant-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm	31b97e20a32000b4bc093a98add50bf7	-	ol8_aarch64_appstream
	php-ffi-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm	80552fa474061ec429790d1f25d4f75c	-	ol8_aarch64_appstream
	php-fpm-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm	d497c09545f20dce4e19eab4cb94af45	-	ol8_aarch64_appstream
	php-gd-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm	2adbb9a1ed0198feb93925b28ce72100	-	ol8_aarch64_appstream
	php-gmp-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm	ef559861d68a54df6f6f504ed7cb6090	-	ol8_aarch64_appstream
	php-intl-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm	f590f75d83ac1f120c515fb6cfceab64	-	ol8_aarch64_appstream
	php-json-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm	a0e2674ccb15fd29eecd68797fcf8bc8	-	ol8_aarch64_appstream
	php-ldap-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm	7470c223252fa7ff69e2b38b1c6874ab	-	ol8_aarch64_appstream
	php-mbstring-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm	02b40f1b2e3e2279b13801184a33e0f5	-	ol8_aarch64_appstream
	php-mysqlnd-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm	aea18f15b4f35d8cdc9d80807f3ee1f1	-	ol8_aarch64_appstream
	php-odbc-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm	adab2c0ba19f10e4c9b0977a02d3c86b	-	ol8_aarch64_appstream
	php-opcache-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm	a08bb7def97e59cc52a58964b379afa2	-	ol8_aarch64_appstream
	php-pdo-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm	261a52bf8429c24082626d732443a512	-	ol8_aarch64_appstream
	php-pear-1.10.13-1.module+el8.10.0+90472+f810484b.noarch.rpm	43a887d351262af7c14764c778a2e43e	-	ol8_aarch64_appstream
	php-pecl-apcu-5.1.18-1.module+el8.10.0+90472+f810484b.aarch64.rpm	62c01b79e109939576b4e6b7fc06245e	-	ol8_aarch64_appstream
	php-pecl-apcu-devel-5.1.18-1.module+el8.10.0+90472+f810484b.aarch64.rpm	97a64a2a7cd50517a2d92b4ed709fecd	-	ol8_aarch64_appstream
	php-pecl-rrd-2.0.1-1.module+el8.10.0+90472+f810484b.aarch64.rpm	1d0cd5e5d6a33099b13a70bc63201763	-	ol8_aarch64_appstream
	php-pecl-xdebug-2.9.5-1.module+el8.10.0+90472+f810484b.aarch64.rpm	a0a0bce39b72666cdc814245e7d05e6e	-	ol8_aarch64_appstream
	php-pecl-zip-1.18.2-1.module+el8.10.0+90472+f810484b.aarch64.rpm	8f8ccf5333966564d6e6eeed207d42d0	-	ol8_aarch64_appstream
	php-pgsql-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm	e4d6073cc7aa4bc00e6d746accc2c78c	-	ol8_aarch64_appstream
	php-process-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm	ef5b2d547af726711218c992e2a24dcf	-	ol8_aarch64_appstream
	php-snmp-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm	c91bbcce1043cff771e7fdd69cff7c17	-	ol8_aarch64_appstream
	php-soap-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm	ae0c1f40fbe31519e019206d05b03ba2	-	ol8_aarch64_appstream
	php-xml-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm	1fa0f3733099a61909087fa900269638	-	ol8_aarch64_appstream
	php-xmlrpc-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm	c20b02c7949d4a46dc483eabef986fb7	-	ol8_aarch64_appstream
Oracle Linux 8 (x86_64)	libzip-1.6.1-1.module+el8.10.0+90472+f810484b.src.rpm	eb7e709c7e0a3eb839ec1b302f3a2b9b	-	ol8_x86_64_appstream
	php-7.4.33-2.module+el8.10.0+90472+f810484b.src.rpm	544ab6fd3173e771907de5323fdd90b9	-	ol8_x86_64_appstream
	php-pear-1.10.13-1.module+el8.10.0+90472+f810484b.src.rpm	e801c4eac76c655d690c8c46f4153ce6	-	ol8_x86_64_appstream
	php-pecl-apcu-5.1.18-1.module+el8.10.0+90472+f810484b.src.rpm	33546d18487634f5bd6634562e77e395	-	ol8_x86_64_appstream
	php-pecl-rrd-2.0.1-1.module+el8.10.0+90472+f810484b.src.rpm	ec22092bf62505a75613c19bebf872da	-	ol8_x86_64_appstream
	php-pecl-xdebug-2.9.5-1.module+el8.10.0+90472+f810484b.src.rpm	9d200d0732a50f61f1841365d1878bac	-	ol8_x86_64_appstream
	php-pecl-zip-1.18.2-1.module+el8.10.0+90472+f810484b.src.rpm	1c55c541f744fe801e7999e589081026	-	ol8_x86_64_appstream
	apcu-panel-5.1.18-1.module+el8.10.0+90472+f810484b.noarch.rpm	98bb74de1a748a7f5a4c2bbf9194b89c	-	ol8_x86_64_appstream
	libzip-1.6.1-1.module+el8.10.0+90472+f810484b.x86_64.rpm	c4127536ea30c3ab002d72d0ed31aa0c	-	ol8_x86_64_appstream
	libzip-devel-1.6.1-1.module+el8.10.0+90472+f810484b.x86_64.rpm	2ebb348eb01c8a8a27ee670c5911780e	-	ol8_x86_64_appstream
	libzip-tools-1.6.1-1.module+el8.10.0+90472+f810484b.x86_64.rpm	82534094469a9c2e96f771f09e99eb7a	-	ol8_x86_64_appstream
	php-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm	f7039680d60ac4b448e6d2c904726688	-	ol8_x86_64_appstream
	php-bcmath-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm	f04b6696726f21fa70b48da67317196d	-	ol8_x86_64_appstream
	php-cli-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm	3adf0b7d12728b9216f98aac7208ddbb	-	ol8_x86_64_appstream
	php-common-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm	520ca8bd2d9f0423195f72c9289a44a4	-	ol8_x86_64_appstream
	php-dba-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm	f335336d2faae9c13ac019d368ab1471	-	ol8_x86_64_appstream
	php-dbg-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm	6aa5215a689d5502e48138529bfe9b94	-	ol8_x86_64_appstream
	php-devel-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm	0198a60b6909c9afec32778148aa90db	-	ol8_x86_64_appstream
	php-embedded-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm	ff2d4ac77d749202f23beed35d1329c3	-	ol8_x86_64_appstream
	php-enchant-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm	21cf5d0804c502533142d11ebea42fab	-	ol8_x86_64_appstream
	php-ffi-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm	ade69562e3e1f07f5324d5635124aeae	-	ol8_x86_64_appstream
	php-fpm-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm	b3bdca4218c857ab82fc20388ecd2ec6	-	ol8_x86_64_appstream
	php-gd-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm	a21ae7fee82951396fa3a2210a0e6949	-	ol8_x86_64_appstream
	php-gmp-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm	5f21b5403bb07620f8b27ad38067f99d	-	ol8_x86_64_appstream
	php-intl-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm	7be42c2726cd1525737e2c14a411d2c5	-	ol8_x86_64_appstream
	php-json-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm	1b6cf752384616f4276638d82c90a5ee	-	ol8_x86_64_appstream
	php-ldap-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm	3c1473f806c36570da12e40513968c56	-	ol8_x86_64_appstream
	php-mbstring-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm	35b931eacdd1cdb2906f133f3719c403	-	ol8_x86_64_appstream
	php-mysqlnd-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm	5b92ba3b713ea7ec8557160e06355c4d	-	ol8_x86_64_appstream
	php-odbc-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm	cd43537807c59e80c371c9b31058b63a	-	ol8_x86_64_appstream
	php-opcache-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm	3427022edf306dc06d3b15c882b7f61c	-	ol8_x86_64_appstream
	php-pdo-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm	81f71f0ada5bd6d7ccca8496035ca093	-	ol8_x86_64_appstream
	php-pear-1.10.13-1.module+el8.10.0+90472+f810484b.noarch.rpm	43a887d351262af7c14764c778a2e43e	-	ol8_x86_64_appstream
	php-pecl-apcu-5.1.18-1.module+el8.10.0+90472+f810484b.x86_64.rpm	29b8741a89a1b0528ebce2a8644a8932	-	ol8_x86_64_appstream
	php-pecl-apcu-devel-5.1.18-1.module+el8.10.0+90472+f810484b.x86_64.rpm	5ad71c010fdcd3f710b8a20592a5f30e	-	ol8_x86_64_appstream
	php-pecl-rrd-2.0.1-1.module+el8.10.0+90472+f810484b.x86_64.rpm	657de2e70d5c742a5aea85a7349d9b58	-	ol8_x86_64_appstream
	php-pecl-xdebug-2.9.5-1.module+el8.10.0+90472+f810484b.x86_64.rpm	8d42d0eb551c706de52f7a97a070f19d	-	ol8_x86_64_appstream
	php-pecl-zip-1.18.2-1.module+el8.10.0+90472+f810484b.x86_64.rpm	96375b19be820ac86bdba000c1afc95a	-	ol8_x86_64_appstream
	php-pgsql-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm	91e9400153d2488036ba4a384b412c52	-	ol8_x86_64_appstream
	php-process-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm	b3032fc746ef2e943f184cbebdd2ddad	-	ol8_x86_64_appstream
	php-snmp-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm	00f76138855f3c8c12225038478eee0a	-	ol8_x86_64_appstream
	php-soap-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm	5861fdb55a16014e8cde2381605a38d2	-	ol8_x86_64_appstream
	php-xml-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm	f7f595223716fc8a4d9dbf8b654199e9	-	ol8_x86_64_appstream
	php-xmlrpc-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm	098ae6fd86376cc021478b20ce35b6d9	-	ol8_x86_64_appstream