Fedora 38 : php (2023-984c26961f)

critical Nessus Plugin ID 179716

Synopsis

The remote Fedora host is missing one or more security updates.

Description

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-984c26961f advisory.

**PHP version 8.2.9** (03 Aug 2023)

**Build:**

* Fixed bug [GH-11522](https://github.com/php/php-src/issues/11522) (PHP version check fails with '-' separator). (SVGAnimate)

**CLI:**

* Fix interrupted CLI output causing the process to exit. (nielsdos)

**Core:**

* Fixed oss-fuzz php#60011 (Mis-compilation of by-reference nullsafe operator). (ilutov)
* Fixed line number of JMP instruction over else block. (ilutov)
* Fixed use-of-uninitialized-value with ??= on assert. (ilutov)
* Fixed oss-fuzz php#60411 (Fix double-compilation of arrow-functions). (ilutov)
* Fixed build for FreeBSD before the 11.0 releases. (David Carlier)

**Curl:**

* Fix crash when an invalid callback function is passed to CURLMOPT_PUSHFUNCTION. (nielsdos)

**Date:**

* Fixed bug [GH-11368](https://github.com/php/php-src/issues/11368) (Date modify returns invalid datetime). (Derick)
* Fixed bug [GH-11600](https://github.com/php/php-src/issues/11600) (Can't parse time strings which include (narrow) non-breaking space characters). (Derick)
* Fixed bug [GH-11854](https://github.com/php/php-src/issues/11854) (DateTime:createFromFormat stopped parsing datetime with extra space). (nielsdos, Derick)

**DOM:**

* Fixed bug [GH-11625](https://github.com/php/php-src/issues/11625) (DOMElement::replaceWith() doesn't replace node with DOMDocumentFragment but just deletes node or causes wrapping <></> depending on libxml2 version). (nielsdos)

**Fileinfo:**

* Fixed bug [GH-11298](https://github.com/php/php-src/issues/11298) (finfo returns wrong mime type for xz files). (Anatol)

**FTP:**

* Fix context option check for overwrite. (JonasQuinten)
* Fixed bug [GH-10562](https://github.com/php/php-src/issues/10562) (Memory leak and invalid state with consecutive ftp_nb_fget). (nielsdos)

**GD:**

* Fix most of the external libgd test failures. (Michael Orlitzky)

**Intl:**

* Fix memory leak in MessageFormatter::format() on failure. (Girgias)

**Libxml:**

* Fixed bug [GHSA-3qrf-m4j2-pcrr](https://github.com/php/php-src/security/advisories/GHSA-3qrf-m4j2-pcrr) (Security issue with external entity loading in XML without enabling it). (**CVE-2023-3823**) (nielsdos, ilutov)

**MBString:**

* Fix [GH-11300](https://github.com/php/php-src/issues/11300) (license issue: restricted unicode license headers). (nielsdos)

**Opcache:**

* Fixed bug [GH-10914](https://github.com/php/php-src/issues/10914) (OPCache with Enum and Callback functions results in segmentation fault). (nielsdos)
* Prevent potential deadlock if accelerated globals cannot be allocated. (nielsdos)

**PCNTL:**

* Fixed bug [GH-11498](https://github.com/php/php-src/issues/11498) (SIGCHLD is not always returned from proc_open). (nielsdos)

**PDO:**

* Fix [GH-11587](https://github.com/php/php-src/issues/11587) (After php8.1, when PDO::ATTR_EMULATE_PREPARES is true and PDO::ATTR_STRINGIFY_FETCHES is true, decimal zeros are no longer filled). (SakiTakamachi)

**PDO SQLite:**

* Fix [GH-11492](https://github.com/php/php-src/issues/11492) (Make test failure: ext/pdo_sqlite/tests/bug_42589.phpt). (KapitanOczywisty, CViniciusSDias)

**Phar:**

* Add missing check on EVP_VerifyUpdate() in phar util. (nielsdos)
* Fixed bug [GHSA-jqcx-ccgc-xwhv](https://github.com/php/php-src/security/advisories/GHSA-jqcx-ccgc-xwhv) (Buffer mismanagement in phar_dir_read()). (**CVE-2023-3824**) (nielsdos)

**PHPDBG:**

* Fixed bug [GH-9669](https://github.com/php/php-src/issues/9669) (phpdbg -h options doesn't list the -z option). (adsr)

**Session:**

* Removed broken url support for transferring session ID. (ilutov)

**Standard:**

* Fix serialization of RC1 objects appearing in object graph twice. (ilutov)

**Streams:**

* Fixed bug [GH-11735](https://github.com/php/php-src/issues/11735) (Use-after-free when unregistering user stream wrapper from itself). (ilutov)

**SQLite3:**

* Fix replaced error handling in SQLite3Stmt::__construct. (nielsdos)

**XMLReader:**

* Fix [GH-11548](https://github.com/php/php-src/issues/11548) (Argument corruption when calling XMLReader::open or XMLReader::XML non-statically with observer active). (Bob)



Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected php package.

See Also

https://bodhi.fedoraproject.org/updates/FEDORA-2023-984c26961f

Plugin Details

Severity: Critical

ID: 179716

File Name: fedora_2023-984c26961f.nasl

Version: 1.6

Type: local

Agent: unix

Published: 8/12/2023

Updated: 11/14/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2023-3824

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:fedoraproject:fedora:38, p-cpe:/a:fedoraproject:fedora:php

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/3/2023

Vulnerability Publication Date: 8/2/2023

Reference Information

CVE: CVE-2023-3823, CVE-2023-3824

FEDORA: 2023-984c26961f

IAVA: 2023-A-0423-S