Oracle Linux Security Advisory ELSA-2024-10952 http://linux.oracle.com/errata/ELSA-2024-10952.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: apcu-panel-5.1.18-1.module+el8.10.0+90472+f810484b.noarch.rpm libzip-1.6.1-1.module+el8.10.0+90472+f810484b.x86_64.rpm libzip-devel-1.6.1-1.module+el8.10.0+90472+f810484b.x86_64.rpm libzip-tools-1.6.1-1.module+el8.10.0+90472+f810484b.x86_64.rpm php-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm php-bcmath-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm php-cli-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm php-common-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm php-dba-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm php-dbg-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm php-devel-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm php-embedded-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm php-enchant-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm php-ffi-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm php-fpm-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm php-gd-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm php-gmp-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm php-intl-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm php-json-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm php-ldap-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm php-mbstring-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm php-mysqlnd-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm php-odbc-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm php-opcache-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm php-pdo-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm php-pear-1.10.13-1.module+el8.10.0+90472+f810484b.noarch.rpm php-pecl-apcu-5.1.18-1.module+el8.10.0+90472+f810484b.x86_64.rpm php-pecl-apcu-devel-5.1.18-1.module+el8.10.0+90472+f810484b.x86_64.rpm php-pecl-rrd-2.0.1-1.module+el8.10.0+90472+f810484b.x86_64.rpm php-pecl-xdebug-2.9.5-1.module+el8.10.0+90472+f810484b.x86_64.rpm php-pecl-zip-1.18.2-1.module+el8.10.0+90472+f810484b.x86_64.rpm php-pgsql-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm php-process-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm php-snmp-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm php-soap-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm php-xml-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm php-xmlrpc-7.4.33-2.module+el8.10.0+90472+f810484b.x86_64.rpm aarch64: apcu-panel-5.1.18-1.module+el8.10.0+90472+f810484b.noarch.rpm libzip-1.6.1-1.module+el8.10.0+90472+f810484b.aarch64.rpm libzip-devel-1.6.1-1.module+el8.10.0+90472+f810484b.aarch64.rpm libzip-tools-1.6.1-1.module+el8.10.0+90472+f810484b.aarch64.rpm php-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm php-bcmath-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm php-cli-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm php-common-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm php-dba-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm php-dbg-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm php-devel-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm php-embedded-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm php-enchant-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm php-ffi-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm php-fpm-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm php-gd-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm php-gmp-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm php-intl-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm php-json-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm php-ldap-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm php-mbstring-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm php-mysqlnd-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm php-odbc-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm php-opcache-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm php-pdo-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm php-pear-1.10.13-1.module+el8.10.0+90472+f810484b.noarch.rpm php-pecl-apcu-5.1.18-1.module+el8.10.0+90472+f810484b.aarch64.rpm php-pecl-apcu-devel-5.1.18-1.module+el8.10.0+90472+f810484b.aarch64.rpm php-pecl-rrd-2.0.1-1.module+el8.10.0+90472+f810484b.aarch64.rpm php-pecl-xdebug-2.9.5-1.module+el8.10.0+90472+f810484b.aarch64.rpm php-pecl-zip-1.18.2-1.module+el8.10.0+90472+f810484b.aarch64.rpm php-pgsql-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm php-process-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm php-snmp-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm php-soap-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm php-xml-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm php-xmlrpc-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//libzip-1.6.1-1.module+el8.10.0+90472+f810484b.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//php-7.4.33-2.module+el8.10.0+90472+f810484b.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//php-pear-1.10.13-1.module+el8.10.0+90472+f810484b.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//php-pecl-apcu-5.1.18-1.module+el8.10.0+90472+f810484b.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//php-pecl-rrd-2.0.1-1.module+el8.10.0+90472+f810484b.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//php-pecl-xdebug-2.9.5-1.module+el8.10.0+90472+f810484b.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//php-pecl-zip-1.18.2-1.module+el8.10.0+90472+f810484b.src.rpm Related CVEs: CVE-2023-0567 CVE-2023-0568 CVE-2023-3247 CVE-2023-3823 CVE-2023-3824 CVE-2024-2756 CVE-2024-3096 CVE-2024-5458 CVE-2024-8925 CVE-2024-8927 CVE-2024-9026 Description of changes: libzip [1.6.1-1] - update to 1.6.1 - enable lzma support php [7.4.33-2] - fix low/moderate CVEs RHEL-66589 - Fix cgi.force_redirect configuration is bypassable due to the environment variable collision CVE-2024-8927 - Fix Logs from childrens may be altered CVE-2024-9026 - Fix Erroneous parsing of multipart form data CVE-2024-8925 - Fix filter bypass in filter_var FILTER_VALIDATE_URL CVE-2024-5458 - Fix __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix CVE-2024-2756 - Fix password_verify can erroneously return true opening ATO risk CVE-2024-3096 - Fix Security issue with external entity loading in XML without enabling it CVE-2023-3823 - Fix Buffer mismanagement in phar_dir_read() CVE-2023-3824 - Fix Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP CVE-2023-3247 - fix #81744: Password_verify() always return true with some hash CVE-2023-0567 - fix #81746: 1-byte array overrun in common path resolve code CVE-2023-0568 - fix DOS vulnerability when parsing multipart request body CVE-2023-0662 php-pear [1:1.10.13-1] - update PEAR to 1.10.13 - update Archive_Tar to 1.4.14 php-pecl-apcu [5.1.18-1] - update to 5.1.18 php-pecl-rrd [2.0.1-1] - build for RHEL 8 php-pecl-xdebug php-pecl-zip [1.18.2-1] - update to 1.18.2 _______________________________________________ El-errata mailing list El-errata@oss.oracle.com https://oss.oracle.com/mailman/listinfo/el-errata