===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.3381
                          php7.4 security update
                               11 July 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           php7.4
Publisher:         Debian
Operating System:  Debian GNU/Linux
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-31626 CVE-2022-31625

Original Bulletin:
   http://www.debian.org/security/2022/dsa-5179

Comment: CVSS (Max):  9.8 CVE-2022-31625 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: NVD
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-5179-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
July 08, 2022                         https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : php7.4
CVE ID         : CVE-2022-31625 CVE-2022-31626

Charles Fol discovered two security issues in PHP, a widely-used open
source general purpose scripting language which could result in denial of
service or potentially the execution of arbitrary code:

CVE-2022-31625

    Incorrect memory handling in the pg_query_params() function.

CVE-2022-31626

    A buffer overflow in the mysqld extension.

For the stable distribution (bullseye), these problems have been fixed in
version 7.4.30-1+deb11u1.

We recommend that you upgrade your php7.4 packages.

For the detailed security status of php7.4 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/php7.4

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================