Gentoo Archives: gentoo-announce

From: John Helmert III <ajak@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 202209-20 ] PHP: Multiple Vulnerabilities
Date: Thu, 29 Sep 2022 14:53:04
Message-Id: YzWuNvLZFEBH+1dT@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202209-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: PHP: Multiple Vulnerabilities
     Date: September 29, 2022
     Bugs: #799776, #810526, #819510, #833585, #850772, #857054
       ID: 202209-20

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in PHP, the worst of which
could result in local root privilege escalation.

Background
==========

PHP is a widely-used general-purpose scripting language that is
especially suited for Web development and can be embedded into HTML.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  dev-lang/php              < 7.4.30:7.4              >= 7.4.30:7.4
                               < 8.0.23:8.0              >= 8.0.23:8.0
                               < 8.1.8:8.1               >= 8.1.8:8.1

Description
===========

Multiple vulnerabilities have been discovered in PHP. Please review the
CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All PHP 7.4 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/php-7.4.30:7.4"

All PHP 8.0 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/php-8.0.23:8.0"

All PHP 8.1 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/php-8.1.8:8.1"

References
==========

[ 1 ] CVE-2021-21703
      https://nvd.nist.gov/vuln/detail/CVE-2021-21703
[ 2 ] CVE-2021-21704
      https://nvd.nist.gov/vuln/detail/CVE-2021-21704
[ 3 ] CVE-2021-21705
      https://nvd.nist.gov/vuln/detail/CVE-2021-21705
[ 4 ] CVE-2021-21708
      https://nvd.nist.gov/vuln/detail/CVE-2021-21708
[ 5 ] CVE-2022-31625
      https://nvd.nist.gov/vuln/detail/CVE-2022-31625
[ 6 ] CVE-2022-31626
      https://nvd.nist.gov/vuln/detail/CVE-2022-31626
[ 7 ] CVE-2022-31627
      https://nvd.nist.gov/vuln/detail/CVE-2022-31627

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202209-20

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2022 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature
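
Added example, not part of the Gentoo advisory: a POSIX shell check that classifies a dev-lang/php version against the per-slot fixed versions from the advisory's "Affected packages" table. The function names and sample versions are constructed for illustration; it assumes plain dotted versions with an optional -rN revision and a sort(1) that supports -V.

```shell
#!/bin/sh
# Added example (not Gentoo's code): classify a dev-lang/php version
# against the fixed versions listed in GLSA 202209-20.

# Fixed version per slot, copied from the advisory's table.
glsa_fixed_version() {
    case "$1" in
        7.4) echo 7.4.30 ;;
        8.0) echo 8.0.23 ;;
        8.1) echo 8.1.8 ;;
        *)   return 1 ;;      # slot not listed in this advisory
    esac
}

# version_ge A B: succeeds when A >= B for dotted numeric versions.
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# glsa_php_status VERSION
# Prints vulnerable, unaffected, unlisted (slot not in the advisory)
# or unparsed (suffixes such as _rc1 that this sketch does not order).
glsa_php_status() {
    glsa_ver=${1%%-r[0-9]*}   # assumption: the -rN revision is ignored
    case "$glsa_ver" in
        ''|*[!0-9.]*|.*|*.|*..*) echo unparsed; return 0 ;;
    esac
    glsa_slot=$(printf '%s' "$glsa_ver" | cut -d. -f1,2)
    glsa_fixed=$(glsa_fixed_version "$glsa_slot") || { echo unlisted; return 0; }
    if version_ge "$glsa_ver" "$glsa_fixed"; then
        echo unaffected
    else
        echo vulnerable
    fi
}

# Constructed sample versions, one per case the table distinguishes.
for v in 7.4.28 7.4.30 8.0.23-r1 8.1.7 8.1.10 8.2.0 8.1.8_rc1; do
    printf '%-12s %s\n' "$v" "$(glsa_php_status "$v")"
done
```

On a Gentoo host, pass it the version part of each installed dev-lang/php package, for example as reported by `qlist -Iv dev-lang/php` from portage-utils.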