Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.3381
php7.4 security update
11 July 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: php7.4
Publisher: Debian
Operating System: Debian GNU/Linux
Resolution: Patch/Upgrade
CVE Names: CVE-2022-31626 CVE-2022-31625
Original Bulletin:
http://www.debian.org/security/2022/dsa-5179
Comment: CVSS (Max): 9.8 CVE-2022-31625 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Source: NVD
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- - -------------------------------------------------------------------------
Debian Security Advisory DSA-5179-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
July 08, 2022 https://www.debian.org/security/faq
- - -------------------------------------------------------------------------
Package : php7.4
CVE ID : CVE-2022-31625 CVE-2022-31626
Charles Fol discovered two security issues in PHP, a widely-used open
source general purpose scripting language which could result an denial of
service or potentially the execution of arbitrary code:
CVE-2022-31625
Incorrect memory handling in the pg_query_params() function.
CVE-2022-31626
A buffer overflow in the mysqld extension.
For the stable distribution (bullseye), these problems have been fixed in
version 7.4.30-1+deb11u1.
We recommend that you upgrade your php7.4 packages.
For the detailed security status of php7.4 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/php7.4
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmLIhOUACgkQEMKTtsN8
TjZfBBAAwCko5ME/Zmw2mY5JwE8q5WjHRlI6n1alkDS9i3IDfCkWa5jdYRuHc2ma
JrlRM7mg5/fBJHGQcbreajjXfSOumbVNyerfdKDw1+Z9Y07O8rl56d18hZDo1FtZ
CmBmz63V+441JiO17FEi3EpnlH7Uj3WQHYo5lfFn16+CnYHkEtwmIzGZ0qX+zc8r
UXLMQ8jR2bWB3+CcMU1nDH2whCI+htwJ1u5TEBhkw1/+a7qmXh/rxP3k1wiAT0FP
lhdlOQwCwCuvCp6sWd5y5dS3Rl10XOlEzlMRisMulsWFPW3fgtF1zSGrliBfgZro
D2dDVT93LEaE4OFBucRTcNKIyp/zr5ni92mIOFoFv/ex2635biHo8RzPETpj+/TC
wbmQt6oIMvYf/kFw9HL856qheJZbDSxT4pSxlkeBzEhwQslqr9uljdD0CKCKYNQ8
Tf4tbHmfIaGpptc+Di1YuPjCJKB/cO1/7c6s6GQT1E/vZFPMJonDWnv6wPcBKVr0
/WqCET3F4VtFW5K9vG3s9paUz26ghAV7fOcMDebR1sryCLOo7hrC59o2TsC+xXra
7gUIvYfC7IGYt+Z2gnYGUM9PFnCUEpahaZLaYxL79CRXocjmKDcJZ6rwzlU7Uewm
5dDplQjXrPsxi2ctG2d8h0laylrxRhDephgBRGkVDjsBm3+w3aw=
=I6lU
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
iQIVAwUBYsuOrckNZI30y1K9AQjiBQ/+KO9fb207GmbU/8f67ovO9DB67nk/UBph
XXWEfujLyJ/HkZw+1GLoIXkDsMhYQo8Z+/uQUzP47CUjDxLVl17uTTLdRvOlSO+/
gtF3FYXdcLiLzfZyRc7l6HFFvVkG2k2+FJG0WmS/W8l2FrsURODFn/QkyaCv3b4d
I+i1Um6MESsCJRSzz1dgrlXKms2W+qLVtRSu5Yl29HuvK9BsWSWnlznAQoAAGHse
APGuMN3TteVny43mgm5L5GifHS6Ek5AhSX2sPSOcTKkdBbg1WTlt4GI12hmMAhMM
phnhnLNIyHjveNnuktDt46ngq9gNoLANkLV/uLOttaahBwRLwkTW/T7Nl885H703
oVi1bEMuGxs3NNRIg3wqMsTURgKAlMf+IR2wFbFnbylEYo38ktvYcfmeEaA23w9b
mVG4+RB4NxTpJg6K5LOoK9T++N6lKp43KIc5QHBaiRm+uyCsp/kijqCcauqguJQ3
VGv4Bw5kUCMQTwZpjVe0K6KbOZF3wMnIYjgHuc2Ge8ImPjF0MtlzXZE/GdO66NTL
xQPCdyWbVVY6sNyN3Iiv1soXUHjgkZiiu4zgAlePKzmxGRLrByUc57qhU4cV6djM
XoGfTT8vovqM9QAp+9GihmlJqwyamJ1vG9KMaaSTY63r5rr5E4qpF/LBlxYCpGRt
unS90Fi4kvE=
=GqgC
-----END PGP SIGNATURE-----