Fedora 40 : php (2024-5e8ae0def0)

medium Nessus Plugin ID 194645

Synopsis

The remote Fedora host is missing one or more security updates.

Description

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-5e8ae0def0 advisory.

**PHP version 8.3.6** (11 Apr 2024)

**Core:**

* Fixed [GH-13569](https://github.com/php/php-src/issues/13569) (GC buffer unnecessarily grows up to GC_MAX_BUF_SIZE when scanning WeakMaps). (Arnaud)
* Fixed bug [GH-13612](https://github.com/php/php-src/issues/13612) (Corrupted memory in destructor with weak references). (nielsdos)
* Fixed bug [GH-13446](https://github.com/php/php-src/issues/13446) (Restore exception handler after it finishes). (ilutov)
* Fixed bug [GH-13784](https://github.com/php/php-src/issues/13784) (AX_GCC_FUNC_ATTRIBUTE failure). (Remi)
* Fixed bug [GH-13670](https://github.com/php/php-src/issues/13670) (GC does not scale well with a lot of objects created in destructor). (Arnaud)

**DOM:**

* Add some missing ZPP checks. (nielsdos)
* Fix potential memory leak in XPath evaluation results. (nielsdos)

**FPM:**

* Fixed [GH-11086](https://github.com/php/php-src/issues/11086) (FPM: config test runs twice in daemonised mode). (Jakub Zelenka)
* Fix incorrect check in fpm_shm_free(). (nielsdos)

**GD:**

* Fixed bug [GH-12019](https://github.com/php/php-src/issues/12019) (add GDLIB_CFLAGS in feature tests). (Michael Orlitzky)

**Gettext:**

* Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5 with category set to LC_ALL. (David Carlier)

**MySQLnd:**

* Fix [GH-13452](https://github.com/php/php-src/issues/13452) (Fixed handshake response [mysqlnd]). (Saki Takamachi)
* Fix incorrect charset length in check_mb_eucjpms(). (nielsdos)

**Opcache:**

* Fixed [GH-13508](https://github.com/php/php-src/issues/13508) (JITed QM_ASSIGN may be optimized out when op1 is null). (Arnaud, Dmitry)
* Fixed [GH-13712](https://github.com/php/php-src/issues/13712) (Segmentation fault for enabled observers when calling trait method of internal trait when opcache is loaded). (Bob)

**Random:**

* Fixed bug [GH-13544](https://github.com/php/php-src/issues/13544) (Pre-PHP 8.2 compatibility for mt_srand with unknown modes). (timwolla)
* Fixed bug [GH-13690](https://github.com/php/php-src/issues/13690) (Global Mt19937 is not properly reset in-between requests when MT_RAND_PHP is used). (timwolla)

**Session:**

* Fixed bug [GH-13680](https://github.com/php/php-src/issues/13680) (Segfault with session_decode and compilation error). (nielsdos)

**SPL:**

* Fixed bug [GH-13685](https://github.com/php/php-src/issues/13685) (Unexpected null pointer in zend_string.h). (nielsdos)

**Standard:**

* Fixed bug [GH-11808](https://github.com/php/php-src/issues/11808) (Live filesystem modified by tests). (nielsdos)
* Fixed [GH-13402](https://github.com/php/php-src/issues/13402) (Added validation of `\n` in $additional_headers of mail()). (SakiTakamachi)
* Fixed bug [GH-13203](https://github.com/php/php-src/issues/13203) (file_put_contents fail on strings over 4GB on Windows). (divinity76)
* Fixed bug [GHSA-pc52-254m-w9w7](https://github.com/php/php-src/security/advisories/GHSA-pc52-254m-w9w7) (Command injection via array-ish $command parameter of proc_open). (**CVE-2024-1874**) (Jakub Zelenka)
* Fixed bug [GHSA-wpj3-hf5j-x4v4](https://github.com/php/php-src/security/advisories/GHSA-wpj3-hf5j-x4v4) (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix). (**CVE-2024-2756**) (nielsdos)
* Fixed bug [GHSA-h746-cjrr-wfmr](https://github.com/php/php-src/security/advisories/GHSA-h746-cjrr-wfmr) (password_verify can erroneously return true, opening ATO risk). (**CVE-2024-3096**) (Jakub Zelenka)
* Fixed bug [GHSA-fjp9-9hwx-59fq](https://github.com/php/php-src/security/advisories/GHSA-fjp9-9hwx-59fq) (mb_encode_mimeheader runs endlessly for some inputs). (**CVE-2024-2757**) (Alex Dowad)
* Fix bug [GH-13932](https://github.com/php/php-src/issues/13932) (Attempt to fix mbstring on windows build) (msvc). (David Carlier)




Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected php package.

See Also

https://bodhi.fedoraproject.org/updates/FEDORA-2024-5e8ae0def0

Plugin Details

Severity: Medium

ID: 194645

File Name: fedora_2024-5e8ae0def0.nasl

Version: 1.2

Type: local

Agent: unix

Published: 4/29/2024

Updated: 11/14/2024

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N

CVSS Score Source: CVE-2022-31629

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:fedoraproject:fedora:40, p-cpe:/a:fedoraproject:fedora:php

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/10/2024

Vulnerability Publication Date: 9/28/2022

Reference Information

CVE: CVE-2022-31629, CVE-2024-1874, CVE-2024-2756, CVE-2024-2757, CVE-2024-3096

FEDORA: 2024-5e8ae0def0

IAVA: 2022-A-0397-S, 2024-A-0244-S