[El-errata] ELSA-2024-10952 Moderate: Oracle Linux 8 php:7.4 security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Fri Dec 13 14:10:34 UTC 2024


Oracle Linux Security Advisory ELSA-2024-10952

http://linux.oracle.com/errata/ELSA-2024-10952.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
apcu-panel-5.1.18-1.module+el8.10.0+90472+f810484b.noarch.rpm
libzip-1.6.1-1.module+el8.10.0+90472+f810484b.x86_64.rpm
libzip-devel-1.6.1-1.module+el8.10.0+90472+f810484b.x86_64.rpm
libzip-tools-1.6.1-1.module+el8.10.0+90472+f810484b.x86_64.rpm
php-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm
php-bcmath-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm
php-cli-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm
php-common-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm
php-dba-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm
php-dbg-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm
php-devel-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm
php-embedded-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm
php-enchant-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm
php-ffi-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm
php-fpm-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm
php-gd-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm
php-gmp-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm
php-intl-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm
php-json-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm
php-ldap-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm
php-mbstring-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm
php-mysqlnd-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm
php-odbc-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm
php-opcache-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm
php-pdo-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm
php-pear-1.10.13-1.module+el8.10.0+90472+f810484b.noarch.rpm
php-pecl-apcu-5.1.18-1.module+el8.10.0+90472+f810484b.x86_64.rpm
php-pecl-apcu-devel-5.1.18-1.module+el8.10.0+90472+f810484b.x86_64.rpm
php-pecl-rrd-2.0.1-1.module+el8.10.0+90472+f810484b.x86_64.rpm
php-pecl-xdebug-2.9.5-1.module+el8.10.0+90472+f810484b.x86_64.rpm
php-pecl-zip-1.18.2-1.module+el8.10.0+90472+f810484b.x86_64.rpm
php-pgsql-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm
php-process-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm
php-snmp-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm
php-soap-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm
php-xml-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm
php-xmlrpc-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm

aarch64:
apcu-panel-5.1.18-1.module+el8.10.0+90472+f810484b.noarch.rpm
libzip-1.6.1-1.module+el8.10.0+90472+f810484b.aarch64.rpm
libzip-devel-1.6.1-1.module+el8.10.0+90472+f810484b.aarch64.rpm
libzip-tools-1.6.1-1.module+el8.10.0+90472+f810484b.aarch64.rpm
php-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm
php-bcmath-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm
php-cli-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm
php-common-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm
php-dba-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm
php-dbg-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm
php-devel-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm
php-embedded-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm
php-enchant-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm
php-ffi-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm
php-fpm-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm
php-gd-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm
php-gmp-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm
php-intl-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm
php-json-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm
php-ldap-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm
php-mbstring-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm
php-mysqlnd-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm
php-odbc-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm
php-opcache-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm
php-pdo-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm
php-pear-1.10.13-1.module+el8.10.0+90472+f810484b.noarch.rpm
php-pecl-apcu-5.1.18-1.module+el8.10.0+90472+f810484b.aarch64.rpm
php-pecl-apcu-devel-5.1.18-1.module+el8.10.0+90472+f810484b.aarch64.rpm
php-pecl-rrd-2.0.1-1.module+el8.10.0+90472+f810484b.aarch64.rpm
php-pecl-xdebug-2.9.5-1.module+el8.10.0+90472+f810484b.aarch64.rpm
php-pecl-zip-1.18.2-1.module+el8.10.0+90472+f810484b.aarch64.rpm
php-pgsql-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm
php-process-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm
php-snmp-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm
php-soap-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm
php-xml-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm
php-xmlrpc-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//libzip-1.6.1-1.module+el8.10.0+90472+f810484b.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//php-7.4.33-2.module+el8.10.0+90472+f810484b.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//php-pear-1.10.13-1.module+el8.10.0+90472+f810484b.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//php-pecl-apcu-5.1.18-1.module+el8.10.0+90472+f810484b.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//php-pecl-rrd-2.0.1-1.module+el8.10.0+90472+f810484b.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//php-pecl-xdebug-2.9.5-1.module+el8.10.0+90472+f810484b.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//php-pecl-zip-1.18.2-1.module+el8.10.0+90472+f810484b.src.rpm

Related CVEs:

CVE-2023-0567
CVE-2023-0568
CVE-2023-3247
CVE-2023-3823
CVE-2023-3824
CVE-2024-2756
CVE-2024-3096
CVE-2024-5458
CVE-2024-8925
CVE-2024-8927
CVE-2024-9026




Description of changes:

libzip
[1.6.1-1]
- update to 1.6.1
- enable lzma support

php
[7.4.33-2]
- fix low/moderate CVEs
  RHEL-66589
- Fix cgi.force_redirect configuration is bypassable due to the environment variable collision
  CVE-2024-8927
- Fix Logs from childrens may be altered
  CVE-2024-9026
- Fix Erroneous parsing of multipart form data
  CVE-2024-8925
- Fix filter bypass in filter_var FILTER_VALIDATE_URL
  CVE-2024-5458
- Fix __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix
  CVE-2024-2756
- Fix password_verify can erroneously return true opening ATO risk
  CVE-2024-3096
- Fix Security issue with external entity loading in XML without enabling it
  CVE-2023-3823
- Fix Buffer mismanagement in phar_dir_read()
  CVE-2023-3824
- Fix Missing error check and insufficient random bytes in HTTP Digest
  authentication for SOAP
  CVE-2023-3247
- fix #81744: Password_verify() always return true with some hash
  CVE-2023-0567
- fix #81746: 1-byte array overrun in common path resolve code
  CVE-2023-0568
- fix DOS vulnerability when parsing multipart request body
  CVE-2023-0662

php-pear
[1:1.10.13-1]
- update PEAR to 1.10.13
- update Archive_Tar to 1.4.14

php-pecl-apcu
[5.1.18-1]
- update to 5.1.18

php-pecl-rrd
[2.0.1-1]
- build for RHEL 8

php-pecl-xdebug
php-pecl-zip
[1.18.2-1]
- update to 1.18.2



