{ "document": { "aggregate_severity": { "text": "Critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "CVE-2021-21702: fix null pointer crash because of malformed\n SOAP server response\n- CVE-2021-21703: fix error in php fpm shared memory organization\n leading to privilage escalation\n- CVE-2022-31625: fix freeing of uninitialized memory leading to RCE\n- CVE-2022-31626: fix buffer overflow in mysqlnd driver leading to RCE\n- CVE-2023-0568: fix array overrun when appending slash to paths\n in DOM and XML cases\n- CVE-2023-0662: fix DOS vulnerabality by limiting number of parsed\n multipart body parts and printing upload limit exceed error\n message only once\n- CVE-2023-3823: fix external entity loading in XML without enabling it,\n by sanitizing libxml2 globals before parsing\n- CVE-2023-3824: fix buffer mismanagement in phar_dir_read()", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/cloudlinux7els/advisories/2025/clsa-2025_1753961203.json" }, { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2025:1753961203", "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1753961203" } ], "tracking": { "current_release_date": "2025-08-12T12:40:27Z", "generator": { "date": "2025-08-12T12:40:27Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2025:1753961203", "initial_release_date": "2025-07-31T11:26:45Z", "revision_history": [ { "date": "2025-07-31T11:26:45Z", "number": "1", "summary": "Initial version" }, { "date": "2025-08-12T12:40:27Z", "number": "2", "summary": "Official Publication" } ], "status": "final", "version": "2" }, "title": "php: Fix of 8 CVEs" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "CloudLinux 7", "product": { "name": "CloudLinux 7", "product_id": "CloudLinux-7", "product_identification_helper": { "cpe": "cpe:2.3:o:cloudlinux:cloudlinux:7:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "CloudLinux" } ], "category": "vendor", "name": "Cloud Linux Software, Inc." }, { "branches": [ { "branches": [ { "category": "product_version", "name": "php-process-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product": { "name": "php-process-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product_id": "php-process-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/php-process@5.4.16-48.el7.tuxcare.els9?arch=x86_64" } } }, { "category": "product_version", "name": "php-mysqlnd-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product": { "name": "php-mysqlnd-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product_id": "php-mysqlnd-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/php-mysqlnd@5.4.16-48.el7.tuxcare.els9?arch=x86_64" } } }, { "category": "product_version", "name": "php-dba-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product": { "name": "php-dba-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product_id": "php-dba-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/php-dba@5.4.16-48.el7.tuxcare.els9?arch=x86_64" } } }, { "category": "product_version", "name": "php-recode-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product": { "name": "php-recode-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product_id": "php-recode-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/php-recode@5.4.16-48.el7.tuxcare.els9?arch=x86_64" } } }, { "category": "product_version", "name": "php-xml-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product": { "name": "php-xml-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product_id": "php-xml-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/php-xml@5.4.16-48.el7.tuxcare.els9?arch=x86_64" } } }, { "category": "product_version", "name": "php-mbstring-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product": { "name": "php-mbstring-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product_id": "php-mbstring-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/php-mbstring@5.4.16-48.el7.tuxcare.els9?arch=x86_64" } } }, { "category": "product_version", "name": "php-ldap-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product": { "name": "php-ldap-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product_id": "php-ldap-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/php-ldap@5.4.16-48.el7.tuxcare.els9?arch=x86_64" } } }, { "category": "product_version", "name": "php-bcmath-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product": { "name": "php-bcmath-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product_id": "php-bcmath-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/php-bcmath@5.4.16-48.el7.tuxcare.els9?arch=x86_64" } } }, { "category": "product_version", "name": "php-odbc-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product": { "name": "php-odbc-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product_id": "php-odbc-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/php-odbc@5.4.16-48.el7.tuxcare.els9?arch=x86_64" } } }, { "category": "product_version", "name": "php-pdo-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product": { "name": "php-pdo-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product_id": "php-pdo-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/php-pdo@5.4.16-48.el7.tuxcare.els9?arch=x86_64" } } }, { "category": "product_version", "name": "php-pgsql-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product": { "name": "php-pgsql-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product_id": "php-pgsql-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/php-pgsql@5.4.16-48.el7.tuxcare.els9?arch=x86_64" } } }, { "category": "product_version", "name": "php-intl-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product": { "name": "php-intl-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product_id": "php-intl-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/php-intl@5.4.16-48.el7.tuxcare.els9?arch=x86_64" } } }, { "category": "product_version", "name": "php-snmp-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product": { "name": "php-snmp-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product_id": "php-snmp-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/php-snmp@5.4.16-48.el7.tuxcare.els9?arch=x86_64" } } }, { "category": "product_version", "name": "php-embedded-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product": { "name": "php-embedded-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product_id": "php-embedded-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/php-embedded@5.4.16-48.el7.tuxcare.els9?arch=x86_64" } } }, { "category": "product_version", "name": "php-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product": { "name": "php-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product_id": "php-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/php@5.4.16-48.el7.tuxcare.els9?arch=x86_64" } } }, { "category": "product_version", "name": "php-devel-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product": { "name": "php-devel-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product_id": "php-devel-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/php-devel@5.4.16-48.el7.tuxcare.els9?arch=x86_64" } } }, { "category": "product_version", "name": "php-enchant-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product": { "name": "php-enchant-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product_id": "php-enchant-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/php-enchant@5.4.16-48.el7.tuxcare.els9?arch=x86_64" } } }, { "category": "product_version", "name": "php-pspell-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product": { "name": "php-pspell-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product_id": "php-pspell-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/php-pspell@5.4.16-48.el7.tuxcare.els9?arch=x86_64" } } }, { "category": "product_version", "name": "php-xmlrpc-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product": { "name": "php-xmlrpc-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product_id": "php-xmlrpc-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/php-xmlrpc@5.4.16-48.el7.tuxcare.els9?arch=x86_64" } } }, { "category": "product_version", "name": "php-gd-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product": { "name": "php-gd-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product_id": "php-gd-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/php-gd@5.4.16-48.el7.tuxcare.els9?arch=x86_64" } } }, { "category": "product_version", "name": "php-fpm-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product": { "name": "php-fpm-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product_id": "php-fpm-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/php-fpm@5.4.16-48.el7.tuxcare.els9?arch=x86_64" } } }, { "category": "product_version", "name": "php-soap-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product": { "name": "php-soap-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product_id": "php-soap-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/php-soap@5.4.16-48.el7.tuxcare.els9?arch=x86_64" } } }, { "category": "product_version", "name": "php-mysql-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product": { "name": "php-mysql-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product_id": "php-mysql-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/php-mysql@5.4.16-48.el7.tuxcare.els9?arch=x86_64" } } }, { "category": "product_version", "name": "php-common-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product": { "name": "php-common-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product_id": "php-common-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/php-common@5.4.16-48.el7.tuxcare.els9?arch=x86_64" } } }, { "category": "product_version", "name": "php-cli-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product": { "name": "php-cli-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product_id": "php-cli-0:5.4.16-48.el7.tuxcare.els9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/php-cli@5.4.16-48.el7.tuxcare.els9?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "CloudLinux" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "php-process-0:5.4.16-48.el7.tuxcare.els9.x86_64 as a component of CloudLinux 7", "product_id": "CloudLinux-7:php-process-0:5.4.16-48.el7.tuxcare.els9.x86_64" }, "product_reference": "php-process-0:5.4.16-48.el7.tuxcare.els9.x86_64", "relates_to_product_reference": "CloudLinux-7" }, { "category": "default_component_of", "full_product_name": { "name": "php-mysqlnd-0:5.4.16-48.el7.tuxcare.els9.x86_64 as a component of CloudLinux 7", "product_id": "CloudLinux-7:php-mysqlnd-0:5.4.16-48.el7.tuxcare.els9.x86_64" }, "product_reference": "php-mysqlnd-0:5.4.16-48.el7.tuxcare.els9.x86_64", "relates_to_product_reference": "CloudLinux-7" }, { "category": "default_component_of", "full_product_name": { "name": "php-dba-0:5.4.16-48.el7.tuxcare.els9.x86_64 as a component of CloudLinux 7", "product_id": "CloudLinux-7:php-dba-0:5.4.16-48.el7.tuxcare.els9.x86_64" }, "product_reference": "php-dba-0:5.4.16-48.el7.tuxcare.els9.x86_64", "relates_to_product_reference": "CloudLinux-7" }, { "category": "default_component_of", "full_product_name": { "name": "php-recode-0:5.4.16-48.el7.tuxcare.els9.x86_64 as a component of CloudLinux 7", "product_id": "CloudLinux-7:php-recode-0:5.4.16-48.el7.tuxcare.els9.x86_64" }, "product_reference": "php-recode-0:5.4.16-48.el7.tuxcare.els9.x86_64", "relates_to_product_reference": "CloudLinux-7" }, { "category": "default_component_of", "full_product_name": { "name": "php-xml-0:5.4.16-48.el7.tuxcare.els9.x86_64 as a component of CloudLinux 7", "product_id": "CloudLinux-7:php-xml-0:5.4.16-48.el7.tuxcare.els9.x86_64" }, "product_reference": "php-xml-0:5.4.16-48.el7.tuxcare.els9.x86_64", "relates_to_product_reference": "CloudLinux-7" }, { "category": "default_component_of", "full_product_name": { "name": "php-mbstring-0:5.4.16-48.el7.tuxcare.els9.x86_64 as a component of CloudLinux 7", "product_id": "CloudLinux-7:php-mbstring-0:5.4.16-48.el7.tuxcare.els9.x86_64" }, "product_reference": "php-mbstring-0:5.4.16-48.el7.tuxcare.els9.x86_64", "relates_to_product_reference": "CloudLinux-7" }, { "category": "default_component_of", "full_product_name": { "name": "php-ldap-0:5.4.16-48.el7.tuxcare.els9.x86_64 as a component of CloudLinux 7", "product_id": "CloudLinux-7:php-ldap-0:5.4.16-48.el7.tuxcare.els9.x86_64" }, "product_reference": "php-ldap-0:5.4.16-48.el7.tuxcare.els9.x86_64", "relates_to_product_reference": "CloudLinux-7" }, { "category": "default_component_of", "full_product_name": { "name": "php-bcmath-0:5.4.16-48.el7.tuxcare.els9.x86_64 as a component of CloudLinux 7", "product_id": "CloudLinux-7:php-bcmath-0:5.4.16-48.el7.tuxcare.els9.x86_64" }, "product_reference": "php-bcmath-0:5.4.16-48.el7.tuxcare.els9.x86_64", "relates_to_product_reference": "CloudLinux-7" }, { "category": "default_component_of", "full_product_name": { "name": "php-odbc-0:5.4.16-48.el7.tuxcare.els9.x86_64 as a component of CloudLinux 7", "product_id": "CloudLinux-7:php-odbc-0:5.4.16-48.el7.tuxcare.els9.x86_64" }, "product_reference": "php-odbc-0:5.4.16-48.el7.tuxcare.els9.x86_64", "relates_to_product_reference": "CloudLinux-7" }, { "category": "default_component_of", "full_product_name": { "name": "php-pdo-0:5.4.16-48.el7.tuxcare.els9.x86_64 as a component of CloudLinux 7", "product_id": "CloudLinux-7:php-pdo-0:5.4.16-48.el7.tuxcare.els9.x86_64" }, "product_reference": "php-pdo-0:5.4.16-48.el7.tuxcare.els9.x86_64", "relates_to_product_reference": "CloudLinux-7" }, { "category": "default_component_of", "full_product_name": { "name": "php-pgsql-0:5.4.16-48.el7.tuxcare.els9.x86_64 as a component of CloudLinux 7", "product_id": "CloudLinux-7:php-pgsql-0:5.4.16-48.el7.tuxcare.els9.x86_64" }, "product_reference": "php-pgsql-0:5.4.16-48.el7.tuxcare.els9.x86_64", "relates_to_product_reference": "CloudLinux-7" }, { "category": "default_component_of", "full_product_name": { "name": "php-intl-0:5.4.16-48.el7.tuxcare.els9.x86_64 as a component of CloudLinux 7", "product_id": "CloudLinux-7:php-intl-0:5.4.16-48.el7.tuxcare.els9.x86_64" }, "product_reference": "php-intl-0:5.4.16-48.el7.tuxcare.els9.x86_64", "relates_to_product_reference": "CloudLinux-7" }, { "category": "default_component_of", "full_product_name": { "name": "php-snmp-0:5.4.16-48.el7.tuxcare.els9.x86_64 as a component of CloudLinux 7", "product_id": "CloudLinux-7:php-snmp-0:5.4.16-48.el7.tuxcare.els9.x86_64" }, "product_reference": "php-snmp-0:5.4.16-48.el7.tuxcare.els9.x86_64", "relates_to_product_reference": "CloudLinux-7" }, { "category": "default_component_of", "full_product_name": { "name": "php-embedded-0:5.4.16-48.el7.tuxcare.els9.x86_64 as a component of CloudLinux 7", "product_id": "CloudLinux-7:php-embedded-0:5.4.16-48.el7.tuxcare.els9.x86_64" }, "product_reference": "php-embedded-0:5.4.16-48.el7.tuxcare.els9.x86_64", "relates_to_product_reference": "CloudLinux-7" }, { "category": "default_component_of", "full_product_name": { "name": "php-0:5.4.16-48.el7.tuxcare.els9.x86_64 as a component of CloudLinux 7", "product_id": "CloudLinux-7:php-0:5.4.16-48.el7.tuxcare.els9.x86_64" }, "product_reference": "php-0:5.4.16-48.el7.tuxcare.els9.x86_64", "relates_to_product_reference": "CloudLinux-7" }, { "category": "default_component_of", "full_product_name": { "name": "php-devel-0:5.4.16-48.el7.tuxcare.els9.x86_64 as a component of CloudLinux 7", "product_id": "CloudLinux-7:php-devel-0:5.4.16-48.el7.tuxcare.els9.x86_64" }, "product_reference": "php-devel-0:5.4.16-48.el7.tuxcare.els9.x86_64", "relates_to_product_reference": "CloudLinux-7" }, { "category": "default_component_of", "full_product_name": { "name": "php-enchant-0:5.4.16-48.el7.tuxcare.els9.x86_64 as a component of CloudLinux 7", "product_id": "CloudLinux-7:php-enchant-0:5.4.16-48.el7.tuxcare.els9.x86_64" }, "product_reference": "php-enchant-0:5.4.16-48.el7.tuxcare.els9.x86_64", "relates_to_product_reference": "CloudLinux-7" }, { "category": "default_component_of", "full_product_name": { "name": "php-pspell-0:5.4.16-48.el7.tuxcare.els9.x86_64 as a component of CloudLinux 7", "product_id": "CloudLinux-7:php-pspell-0:5.4.16-48.el7.tuxcare.els9.x86_64" }, "product_reference": "php-pspell-0:5.4.16-48.el7.tuxcare.els9.x86_64", "relates_to_product_reference": "CloudLinux-7" }, { "category": "default_component_of", "full_product_name": { "name": "php-xmlrpc-0:5.4.16-48.el7.tuxcare.els9.x86_64 as a component of CloudLinux 7", "product_id": "CloudLinux-7:php-xmlrpc-0:5.4.16-48.el7.tuxcare.els9.x86_64" }, "product_reference": "php-xmlrpc-0:5.4.16-48.el7.tuxcare.els9.x86_64", "relates_to_product_reference": "CloudLinux-7" }, { "category": "default_component_of", "full_product_name": { "name": "php-gd-0:5.4.16-48.el7.tuxcare.els9.x86_64 as a component of CloudLinux 7", "product_id": "CloudLinux-7:php-gd-0:5.4.16-48.el7.tuxcare.els9.x86_64" }, "product_reference": "php-gd-0:5.4.16-48.el7.tuxcare.els9.x86_64", "relates_to_product_reference": "CloudLinux-7" }, { "category": "default_component_of", "full_product_name": { "name": "php-fpm-0:5.4.16-48.el7.tuxcare.els9.x86_64 as a component of CloudLinux 7", "product_id": "CloudLinux-7:php-fpm-0:5.4.16-48.el7.tuxcare.els9.x86_64" }, "product_reference": "php-fpm-0:5.4.16-48.el7.tuxcare.els9.x86_64", "relates_to_product_reference": "CloudLinux-7" }, { "category": "default_component_of", "full_product_name": { "name": "php-soap-0:5.4.16-48.el7.tuxcare.els9.x86_64 as a component of CloudLinux 7", "product_id": "CloudLinux-7:php-soap-0:5.4.16-48.el7.tuxcare.els9.x86_64" }, "product_reference": "php-soap-0:5.4.16-48.el7.tuxcare.els9.x86_64", "relates_to_product_reference": "CloudLinux-7" }, { "category": "default_component_of", "full_product_name": { "name": "php-mysql-0:5.4.16-48.el7.tuxcare.els9.x86_64 as a component of CloudLinux 7", "product_id": "CloudLinux-7:php-mysql-0:5.4.16-48.el7.tuxcare.els9.x86_64" }, "product_reference": "php-mysql-0:5.4.16-48.el7.tuxcare.els9.x86_64", "relates_to_product_reference": "CloudLinux-7" }, { "category": "default_component_of", "full_product_name": { "name": "php-common-0:5.4.16-48.el7.tuxcare.els9.x86_64 as a component of CloudLinux 7", "product_id": "CloudLinux-7:php-common-0:5.4.16-48.el7.tuxcare.els9.x86_64" }, "product_reference": "php-common-0:5.4.16-48.el7.tuxcare.els9.x86_64", "relates_to_product_reference": "CloudLinux-7" }, { "category": "default_component_of", "full_product_name": { "name": "php-cli-0:5.4.16-48.el7.tuxcare.els9.x86_64 as a component of CloudLinux 7", "product_id": "CloudLinux-7:php-cli-0:5.4.16-48.el7.tuxcare.els9.x86_64" }, "product_reference": "php-cli-0:5.4.16-48.el7.tuxcare.els9.x86_64", "relates_to_product_reference": "CloudLinux-7" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-3824", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "notes": [ { "category": "description", "text": "In PHP version 8.0.* before 8.0.30,  8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CloudLinux-7:php-process-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-mysqlnd-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-dba-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-recode-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-xml-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-mbstring-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-ldap-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-bcmath-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-odbc-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-pdo-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-pgsql-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-intl-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-snmp-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-embedded-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-devel-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-enchant-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-pspell-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-xmlrpc-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-gd-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-fpm-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-soap-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-mysql-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-common-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-cli-0:5.4.16-48.el7.tuxcare.els9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-3824" }, { "category": "external", "summary": "https://github.com/php/php-src/security/advisories/GHSA-jqcx-ccgc-xwhv", "url": "https://github.com/php/php-src/security/advisories/GHSA-jqcx-ccgc-xwhv" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2023/09/msg00002.html", "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00002.html" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7NBF77WN6DTVTY2RE73IGPYD6M4PIAWA/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7NBF77WN6DTVTY2RE73IGPYD6M4PIAWA/" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20230825-0001/", "url": "https://security.netapp.com/advisory/ntap-20230825-0001/" } ], "release_date": "2023-08-11T06:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CloudLinux-7:php-process-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-mysqlnd-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-dba-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-recode-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-xml-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-mbstring-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-ldap-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-bcmath-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-odbc-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-pdo-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-pgsql-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-intl-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-snmp-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-embedded-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-devel-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-enchant-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-pspell-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-xmlrpc-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-gd-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-fpm-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-soap-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-mysql-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-common-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-cli-0:5.4.16-48.el7.tuxcare.els9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ] }, { "cve": "CVE-2023-0662", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "notes": [ { "category": "description", "text": "In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CloudLinux-7:php-process-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-mysqlnd-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-dba-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-recode-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-xml-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-mbstring-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-ldap-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-bcmath-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-odbc-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-pdo-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-pgsql-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-intl-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-snmp-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-embedded-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-devel-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-enchant-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-pspell-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-xmlrpc-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-gd-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-fpm-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-soap-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-mysql-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-common-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-cli-0:5.4.16-48.el7.tuxcare.els9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-0662" }, { "category": "external", "summary": "https://github.com/php/php-src/security/advisories/GHSA-54hq-v5wp-fqgv", "url": "https://github.com/php/php-src/security/advisories/GHSA-54hq-v5wp-fqgv" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20230517-0001/", "url": "https://security.netapp.com/advisory/ntap-20230517-0001/" } ], "release_date": "2023-02-16T07:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CloudLinux-7:php-process-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-mysqlnd-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-dba-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-recode-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-xml-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-mbstring-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-ldap-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-bcmath-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-odbc-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-pdo-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-pgsql-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-intl-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-snmp-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-embedded-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-devel-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-enchant-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-pspell-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-xmlrpc-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-gd-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-fpm-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-soap-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-mysql-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-common-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-cli-0:5.4.16-48.el7.tuxcare.els9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2022-31626", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')" }, "notes": [ { "category": "description", "text": "In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CloudLinux-7:php-process-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-mysqlnd-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-dba-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-recode-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-xml-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-mbstring-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-ldap-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-bcmath-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-odbc-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-pdo-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-pgsql-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-intl-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-snmp-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-embedded-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-devel-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-enchant-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-pspell-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-xmlrpc-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-gd-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-fpm-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-soap-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-mysql-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-common-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-cli-0:5.4.16-48.el7.tuxcare.els9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-31626" }, { "category": "external", "summary": "https://bugs.php.net/bug.php?id=81719", "url": "https://bugs.php.net/bug.php?id=81719" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html", "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T4MMEEZYYAEHPQMZDFN44PHORJWJFZQ/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T4MMEEZYYAEHPQMZDFN44PHORJWJFZQ/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZTZQKRGEYJT5UB4FGG3MOE72SQUHSL4/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZTZQKRGEYJT5UB4FGG3MOE72SQUHSL4/" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/202209-20", "url": "https://security.gentoo.org/glsa/202209-20" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20220722-0005/", "url": "https://security.netapp.com/advisory/ntap-20220722-0005/" }, { "category": "external", "summary": "https://www.debian.org/security/2022/dsa-5179", "url": "https://www.debian.org/security/2022/dsa-5179" } ], "release_date": "2022-06-16T06:15:00", "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK_ACCESSIBLE", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CloudLinux-7:php-process-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-mysqlnd-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-dba-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-recode-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-xml-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-mbstring-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-ldap-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-bcmath-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-odbc-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-pdo-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-pgsql-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-intl-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-snmp-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-embedded-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-devel-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-enchant-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-pspell-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-xmlrpc-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-gd-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-fpm-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-soap-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-mysql-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-common-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-cli-0:5.4.16-48.el7.tuxcare.els9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2021-21703", "cwe": { "id": "CWE-284", "name": "Improper Access Control" }, "notes": [ { "category": "description", "text": "In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CloudLinux-7:php-process-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-mysqlnd-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-dba-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-recode-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-xml-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-mbstring-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-ldap-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-bcmath-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-odbc-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-pdo-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-pgsql-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-intl-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-snmp-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-embedded-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-devel-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-enchant-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-pspell-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-xmlrpc-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-gd-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-fpm-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-soap-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-mysql-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-common-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-cli-0:5.4.16-48.el7.tuxcare.els9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2021-21703" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2021/10/26/7", "url": "http://www.openwall.com/lists/oss-security/2021/10/26/7" }, { "category": "external", "summary": "https://bugs.php.net/bug.php?id=81026", "url": "https://bugs.php.net/bug.php?id=81026" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2021/10/msg00021.html", "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00021.html" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6PZVLICZUJMXOGWOUWSBAEGIVTF6Y6V3/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6PZVLICZUJMXOGWOUWSBAEGIVTF6Y6V3/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JO5RA6YOBGGGKLIA6F6BQRZDDECF5L3R/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JO5RA6YOBGGGKLIA6F6BQRZDDECF5L3R/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PBM3KKB3RY2YPOKNMC4HIH7IH3T3WC74/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PBM3KKB3RY2YPOKNMC4HIH7IH3T3WC74/" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/202209-20", "url": "https://security.gentoo.org/glsa/202209-20" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20211118-0003/", "url": "https://security.netapp.com/advisory/ntap-20211118-0003/" }, { "category": "external", "summary": "https://www.debian.org/security/2021/dsa-4992", "url": "https://www.debian.org/security/2021/dsa-4992" }, { "category": "external", "summary": "https://www.debian.org/security/2021/dsa-4993", "url": "https://www.debian.org/security/2021/dsa-4993" }, { "category": "external", "summary": "https://www.oracle.com/security-alerts/cpuapr2022.html", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "category": "external", "summary": "https://www.oracle.com/security-alerts/cpujan2022.html", "url": "https://www.oracle.com/security-alerts/cpujan2022.html" } ], "release_date": "2021-10-25T06:15:00", "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL_ACCESS", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CloudLinux-7:php-process-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-mysqlnd-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-dba-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-recode-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-xml-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-mbstring-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-ldap-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-bcmath-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-odbc-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-pdo-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-pgsql-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-intl-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-snmp-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-embedded-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-devel-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-enchant-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-pspell-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-xmlrpc-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-gd-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-fpm-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-soap-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-mysql-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-common-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-cli-0:5.4.16-48.el7.tuxcare.els9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2021-21702", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "description", "text": "In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CloudLinux-7:php-process-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-mysqlnd-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-dba-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-recode-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-xml-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-mbstring-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-ldap-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-bcmath-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-odbc-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-pdo-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-pgsql-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-intl-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-snmp-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-embedded-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-devel-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-enchant-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-pspell-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-xmlrpc-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-gd-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-fpm-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-soap-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-mysql-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-common-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-cli-0:5.4.16-48.el7.tuxcare.els9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2021-21702" }, { "category": "external", "summary": "https://bugs.php.net/bug.php?id=80672", "url": "https://bugs.php.net/bug.php?id=80672" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2021/07/msg00008.html", "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00008.html" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/202105-23", "url": "https://security.gentoo.org/glsa/202105-23" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20210312-0005/", "url": "https://security.netapp.com/advisory/ntap-20210312-0005/" }, { "category": "external", "summary": "https://www.debian.org/security/2021/dsa-4856", "url": "https://www.debian.org/security/2021/dsa-4856" }, { "category": "external", "summary": "https://www.oracle.com/security-alerts/cpuoct2021.html", "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "category": "external", "summary": "https://www.tenable.com/security/tns-2021-14", "url": "https://www.tenable.com/security/tns-2021-14" } ], "release_date": "2021-02-15T04:15:00", "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK_ACCESSIBLE", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CloudLinux-7:php-process-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-mysqlnd-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-dba-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-recode-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-xml-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-mbstring-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-ldap-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-bcmath-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-odbc-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-pdo-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-pgsql-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-intl-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-snmp-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-embedded-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-devel-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-enchant-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-pspell-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-xmlrpc-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-gd-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-fpm-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-soap-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-mysql-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-common-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-cli-0:5.4.16-48.el7.tuxcare.els9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2023-3823", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "notes": [ { "category": "description", "text": "In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling appropriate function. However, since the state is process-global, other modules - such as ImageMagick - may also use this library within the same process, and change that global state for their internal purposes, and leave it in a state where external entities loading is enabled. This can lead to the situation where external XML is parsed with external entities loaded, which can lead to disclosure of any local files accessible to PHP. This vulnerable state may persist in the same process across many requests, until the process is shut down.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CloudLinux-7:php-process-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-mysqlnd-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-dba-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-recode-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-xml-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-mbstring-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-ldap-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-bcmath-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-odbc-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-pdo-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-pgsql-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-intl-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-snmp-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-embedded-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-devel-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-enchant-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-pspell-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-xmlrpc-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-gd-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-fpm-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-soap-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-mysql-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-common-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-cli-0:5.4.16-48.el7.tuxcare.els9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-3823" }, { "category": "external", "summary": "https://github.com/php/php-src/security/advisories/GHSA-3qrf-m4j2-pcrr", "url": "https://github.com/php/php-src/security/advisories/GHSA-3qrf-m4j2-pcrr" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2023/09/msg00002.html", "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00002.html" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7NBF77WN6DTVTY2RE73IGPYD6M4PIAWA/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7NBF77WN6DTVTY2RE73IGPYD6M4PIAWA/" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20230825-0001/", "url": "https://security.netapp.com/advisory/ntap-20230825-0001/" } ], "release_date": "2023-08-11T06:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "CloudLinux-7:php-process-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-mysqlnd-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-dba-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-recode-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-xml-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-mbstring-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-ldap-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-bcmath-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-odbc-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-pdo-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-pgsql-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-intl-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-snmp-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-embedded-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-devel-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-enchant-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-pspell-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-xmlrpc-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-gd-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-fpm-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-soap-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-mysql-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-common-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-cli-0:5.4.16-48.el7.tuxcare.els9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2023-0568", "cwe": { "id": "CWE-131", "name": "Incorrect Calculation of Buffer Size" }, "notes": [ { "category": "description", "text": "In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CloudLinux-7:php-process-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-mysqlnd-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-dba-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-recode-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-xml-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-mbstring-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-ldap-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-bcmath-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-odbc-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-pdo-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-pgsql-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-intl-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-snmp-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-embedded-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-devel-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-enchant-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-pspell-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-xmlrpc-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-gd-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-fpm-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-soap-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-mysql-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-common-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-cli-0:5.4.16-48.el7.tuxcare.els9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-0568" }, { "category": "external", "summary": "https://bugs.php.net/bug.php?id=81746", "url": "https://bugs.php.net/bug.php?id=81746" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20230517-0001/", "url": "https://security.netapp.com/advisory/ntap-20230517-0001/" } ], "release_date": "2023-02-16T07:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CloudLinux-7:php-process-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-mysqlnd-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-dba-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-recode-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-xml-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-mbstring-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-ldap-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-bcmath-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-odbc-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-pdo-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-pgsql-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-intl-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-snmp-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-embedded-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-devel-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-enchant-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-pspell-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-xmlrpc-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-gd-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-fpm-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-soap-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-mysql-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-common-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-cli-0:5.4.16-48.el7.tuxcare.els9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2022-31625", "cwe": { "id": "CWE-590", "name": "Free of Memory not on the Heap" }, "notes": [ { "category": "description", "text": "In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CloudLinux-7:php-process-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-mysqlnd-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-dba-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-recode-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-xml-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-mbstring-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-ldap-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-bcmath-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-odbc-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-pdo-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-pgsql-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-intl-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-snmp-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-embedded-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-devel-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-enchant-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-pspell-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-xmlrpc-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-gd-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-fpm-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-soap-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-mysql-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-common-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-cli-0:5.4.16-48.el7.tuxcare.els9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-31625" }, { "category": "external", "summary": "https://bugs.php.net/bug.php?id=81720", "url": "https://bugs.php.net/bug.php?id=81720" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html", "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T4MMEEZYYAEHPQMZDFN44PHORJWJFZQ/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T4MMEEZYYAEHPQMZDFN44PHORJWJFZQ/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZTZQKRGEYJT5UB4FGG3MOE72SQUHSL4/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZTZQKRGEYJT5UB4FGG3MOE72SQUHSL4/" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/202209-20", "url": "https://security.gentoo.org/glsa/202209-20" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20220722-0005/", "url": "https://security.netapp.com/advisory/ntap-20220722-0005/" }, { "category": "external", "summary": "https://www.debian.org/security/2022/dsa-5179", "url": "https://www.debian.org/security/2022/dsa-5179" } ], "release_date": "2022-06-16T06:15:00", "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK_ACCESSIBLE", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CloudLinux-7:php-process-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-mysqlnd-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-dba-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-recode-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-xml-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-mbstring-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-ldap-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-bcmath-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-odbc-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-pdo-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-pgsql-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-intl-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-snmp-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-embedded-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-devel-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-enchant-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-pspell-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-xmlrpc-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-gd-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-fpm-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-soap-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-mysql-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-common-0:5.4.16-48.el7.tuxcare.els9.x86_64", "CloudLinux-7:php-cli-0:5.4.16-48.el7.tuxcare.els9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] } ] }