Fedora 38 : php (2024-39d50cc975)

medium Nessus Plugin ID 193553

Synopsis

The remote Fedora host is missing one or more security updates.

Description

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-39d50cc975 advisory.

**PHP version 8.2.18** (11 Apr 2024)

**Core:**

* Fixed bug [GH-13612](https://github.com/php/php-src/issues/13612) (Corrupted memory in destructor with weak references). (nielsdos)
* Fixed bug [GH-13784](https://github.com/php/php-src/issues/13784) (AX_GCC_FUNC_ATTRIBUTE failure). (Remi)
* Fixed bug [GH-13670](https://github.com/php/php-src/issues/13670) (GC does not scale well with a lot of objects created in destructor). (Arnaud)

**DOM:**

* Add some missing ZPP checks. (nielsdos)
* Fix potential memory leak in XPath evaluation results. (nielsdos)
* Fix phpdoc for DOMDocument load methods. (VincentLanglet)

**FPM:**

* Fix incorrect check in fpm_shm_free(). (nielsdos)

**GD:**

* Fixed bug [GH-12019](https://github.com/php/php-src/issues/12019) (add GDLIB_CFLAGS in feature tests). (Michael Orlitzky)

**Gettext:**

* Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5 with category set to LC_ALL. (David Carlier)

**MySQLnd:**

* Fix [GH-13452](https://github.com/php/php-src/issues/13452) (Fixed handshake response [mysqlnd]). (Saki Takamachi)
* Fix incorrect charset length in check_mb_eucjpms(). (nielsdos)

**Opcache:**

* Fixed [GH-13508](https://github.com/php/php-src/issues/13508) (JITed QM_ASSIGN may be optimized out when op1 is null). (Arnaud, Dmitry)
* Fixed [GH-13712](https://github.com/php/php-src/issues/13712) (Segmentation fault for enabled observers when calling trait method of internal trait when opcache is loaded). (Bob)

**PDO:**

* Fix various PDORow bugs. (Girgias)

**Random:**

* Fixed bug [GH-13544](https://github.com/php/php-src/issues/13544) (Pre-PHP 8.2 compatibility for mt_srand with unknown modes). (timwolla)
* Fixed bug [GH-13690](https://github.com/php/php-src/issues/13690) (Global Mt19937 is not properly reset in-between requests when MT_RAND_PHP is used). (timwolla)

**Session:**

* Fixed bug [GH-13680](https://github.com/php/php-src/issues/13680) (Segfault with session_decode and compilation error). (nielsdos)

**Sockets:**

* Fixed bug [GH-13604](https://github.com/php/php-src/issues/13604) (socket_getsockname returns random characters in the end of the socket name). (David Carlier)

**SPL:**

* Fixed bug [GH-13531](https://github.com/php/php-src/issues/13531) (Unable to resize SplFixedArray after being unserialized in PHP 8.2.15). (nielsdos)
* Fixed bug [GH-13685](https://github.com/php/php-src/issues/13685) (Unexpected null pointer in zend_string.h). (nielsdos)

**Standard:**

* Fixed bug [GH-11808](https://github.com/php/php-src/issues/11808) (Live filesystem modified by tests). (nielsdos)
* Fixed [GH-13402](https://github.com/php/php-src/issues/13402) (Added validation of `\n` in $additional_headers of mail()). (SakiTakamachi)
* Fixed bug [GH-13203](https://github.com/php/php-src/issues/13203) (file_put_contents fail on strings over 4GB on Windows). (divinity76)
* Fixed bug [GHSA-pc52-254m-w9w7](https://github.com/php/php-src/security/advisories/GHSA-pc52-254m-w9w7) (Command injection via array-ish $command parameter of proc_open). (**CVE-2024-1874**) (Jakub Zelenka)
* Fixed bug [GHSA-wpj3-hf5j-x4v4](https://github.com/php/php-src/security/advisories/GHSA-wpj3-hf5j-x4v4) (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix). (**CVE-2024-2756**) (nielsdos)
* Fixed bug [GHSA-h746-cjrr-wfmr](https://github.com/php/php-src/security/advisories/GHSA-h746-cjrr-wfmr) (password_verify can erroneously return true, opening ATO risk). (**CVE-2024-3096**) (Jakub Zelenka)

**XML:**

* Fixed bug [GH-13517](https://github.com/php/php-src/issues/13517) (Multiple test failures when building with --with-expat). (nielsdos)


Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected php package.

See Also

https://bodhi.fedoraproject.org/updates/FEDORA-2024-39d50cc975

Plugin Details

Severity: Medium

ID: 193553

File Name: fedora_2024-39d50cc975.nasl

Version: 1.3

Type: local

Agent: unix

Published: 4/19/2024

Updated: 11/14/2024

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, continuous_assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N

CVSS Score Source: CVE-2022-31629

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:fedoraproject:fedora:38, p-cpe:/a:fedoraproject:fedora:php

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/10/2024

Vulnerability Publication Date: 9/28/2022

Reference Information

CVE: CVE-2022-31629, CVE-2024-1874, CVE-2024-2756, CVE-2024-3096

FEDORA: 2024-39d50cc975

IAVA: 2022-A-0397-S, 2024-A-0244-S