Ubuntu has issued an advisory on July 3: https://ubuntu.com/security/notices/USN-6199-1 The issue is fixed upstream in 8.0.29: https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw I see 8.0.29 checked into SVN, but no bug for it for some reason.
Status comment: (none) => Fixed upstream in 8.0.29
I guess I've forgotten to write a report. Now I don't get the file list from build system :(
apache-mod_php-8.0.29-1.mga8 php-bcmath-8.0.29-1.mga8 php-bz2-8.0.29-1.mga8 php-calendar-8.0.29-1.mga8 php-cgi-8.0.29-1.mga8 php-cli-8.0.29-1.mga8 php-ctype-8.0.29-1.mga8 php-curl-8.0.29-1.mga8 php-dba-8.0.29-1.mga8 phpdbg-8.0.29-1.mga8 php-devel-8.0.29-1.mga8 php-doc-8.0.29-1.mga8 php-dom-8.0.29-1.mga8 php-enchant-8.0.29-1.mga8 php-exif-8.0.29-1.mga8 php-fileinfo-8.0.29-1.mga8 php-filter-8.0.29-1.mga8 php-fpm-8.0.29-1.mga8 php-fpm-apache-8.0.29-1.mga8 php-fpm-nginx-8.0.29-1.mga8 php-ftp-8.0.29-1.mga8 php-gd-8.0.29-1.mga8 php-gettext-8.0.29-1.mga8 php-gmp-8.0.29-1.mga8 php-iconv-8.0.29-1.mga8 php-imap-8.0.29-1.mga8 php-ini-8.0.29-1.mga8 php-intl-8.0.29-1.mga8 php-ldap-8.0.29-1.mga8 php-mbstring-8.0.29-1.mga8 php-mysqli-8.0.29-1.mga8 php-mysqlnd-8.0.29-1.mga8 php-odbc-8.0.29-1.mga8 php-opcache-8.0.29-1.mga8 php-openssl-8.0.29-1.mga8 php-pcntl-8.0.29-1.mga8 php-pdo-8.0.29-1.mga8 php-pdo_dblib-8.0.29-1.mga8 php-pdo_firebird-8.0.29-1.mga8 php-pdo_mysql-8.0.29-1.mga8 php-pdo_odbc-8.0.29-1.mga8 php-pdo_pgsql-8.0.29-1.mga8 php-pdo_sqlite-8.0.29-1.mga8 php-pgsql-8.0.29-1.mga8 php-phar-8.0.29-1.mga8 php-posix-8.0.29-1.mga8 php-readline-8.0.29-1.mga8 php-session-8.0.29-1.mga8 php-shmop-8.0.29-1.mga8 php-snmp-8.0.29-1.mga8 php-soap-8.0.29-1.mga8 php-sockets-8.0.29-1.mga8 php-sodium-8.0.29-1.mga8 php-sqlite3-8.0.29-1.mga8 php-sysvmsg-8.0.29-1.mga8 php-sysvsem-8.0.29-1.mga8 php-sysvshm-8.0.29-1.mga8 php-tidy-8.0.29-1.mga8 php-tokenizer-8.0.29-1.mga8 php-xmlreader-8.0.29-1.mga8 php-xmlwriter-8.0.29-1.mga8 php-xsl-8.0.29-1.mga8 php-zip-8.0.29-1.mga8 php-zlib-8.0.29-1.mga8
CC: (none) => davidwhodgins
Updated php to fix a security vulnerability: Soap - Fixed bug GHSA-76gg-c692-v2mw (Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP). (CVE-2023-3247) References: https://www.php.net/ChangeLog-8.php#8.0.29 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3247 https://ubuntu.com/security/notices/USN-6199-1 ======================== Updated packages in core/updates_testing: ======================== apache-mod_php-8.0.29-1.mga8 php-bcmath-8.0.29-1.mga8 php-bz2-8.0.29-1.mga8 php-calendar-8.0.29-1.mga8 php-cgi-8.0.29-1.mga8 php-cli-8.0.29-1.mga8 php-ctype-8.0.29-1.mga8 php-curl-8.0.29-1.mga8 php-dba-8.0.29-1.mga8 phpdbg-8.0.29-1.mga8 php-devel-8.0.29-1.mga8 php-doc-8.0.29-1.mga8 php-dom-8.0.29-1.mga8 php-enchant-8.0.29-1.mga8 php-exif-8.0.29-1.mga8 php-fileinfo-8.0.29-1.mga8 php-filter-8.0.29-1.mga8 php-fpm-8.0.29-1.mga8 php-fpm-apache-8.0.29-1.mga8 php-fpm-nginx-8.0.29-1.mga8 php-ftp-8.0.29-1.mga8 php-gd-8.0.29-1.mga8 php-gettext-8.0.29-1.mga8 php-gmp-8.0.29-1.mga8 php-iconv-8.0.29-1.mga8 php-imap-8.0.29-1.mga8 php-ini-8.0.29-1.mga8 php-intl-8.0.29-1.mga8 php-ldap-8.0.29-1.mga8 php-mbstring-8.0.29-1.mga8 php-mysqli-8.0.29-1.mga8 php-mysqlnd-8.0.29-1.mga8 php-odbc-8.0.29-1.mga8 php-opcache-8.0.29-1.mga8 php-openssl-8.0.29-1.mga8 php-pcntl-8.0.29-1.mga8 php-pdo-8.0.29-1.mga8 php-pdo_dblib-8.0.29-1.mga8 php-pdo_firebird-8.0.29-1.mga8 php-pdo_mysql-8.0.29-1.mga8 php-pdo_odbc-8.0.29-1.mga8 php-pdo_pgsql-8.0.29-1.mga8 php-pdo_sqlite-8.0.29-1.mga8 php-pgsql-8.0.29-1.mga8 php-phar-8.0.29-1.mga8 php-posix-8.0.29-1.mga8 php-readline-8.0.29-1.mga8 php-session-8.0.29-1.mga8 php-shmop-8.0.29-1.mga8 php-snmp-8.0.29-1.mga8 php-soap-8.0.29-1.mga8 php-sockets-8.0.29-1.mga8 php-sodium-8.0.29-1.mga8 php-sqlite3-8.0.29-1.mga8 php-sysvmsg-8.0.29-1.mga8 php-sysvsem-8.0.29-1.mga8 php-sysvshm-8.0.29-1.mga8 php-tidy-8.0.29-1.mga8 php-tokenizer-8.0.29-1.mga8 php-xmlreader-8.0.29-1.mga8 php-xmlwriter-8.0.29-1.mga8 php-xsl-8.0.29-1.mga8 php-zip-8.0.29-1.mga8 php-zlib-8.0.29-1.mga8 SRPM php-8.0.29-1.mga8.src.rpm
Assignee: mageia => qa-bugsCVE: (none) => CVE-2023-3247
MGA8-64 MATE on Acer Aspire 5253 No installation issues Refer to bug 31180 for testing: $ php -S localhost:8000 -t php [Tue Jul 11 10:13:55 2023] PHP 8.0.29 Development Server (http://localhost:8000) started [Tue Jul 11 10:14:39 2023] [::1]:50968 Accepted Then pointing firefox to http://localhost:8000/create-png.php and http://localhost:8000/sample.php displays correct image and text message. Works OK and get feedback at the CLI: [Tue Jul 11 10:14:39 2023] [::1]:50968 Accepted [Tue Jul 11 10:14:40 2023] [::1]:50968 [200]: GET /create-png.php [Tue Jul 11 10:14:40 2023] [::1]:50968 Closing [Tue Jul 11 10:14:41 2023] [::1]:50970 Accepted [Tue Jul 11 10:14:41 2023] [::1]:50970 [404]: GET /favicon.ico - No such file or directory [Tue Jul 11 10:14:41 2023] [::1]:50970 Closing [Tue Jul 11 10:15:11 2023] [::1]:57364 Accepted [Tue Jul 11 10:15:11 2023] [::1]:57364 [200]: GET /sample.php [Tue Jul 11 10:15:11 2023] [::1]:57364 Closing [Tue Jul 11 10:15:55 2023] [::1]:56950 Accepted [Tue Jul 11 10:15:55 2023] [::1]:56950 [200]: GET /sample.php [Tue Jul 11 10:15:55 2023] [::1]:56950 Closing Make sure httpd and mysqld are running, then start phpmyadmin, login, create a new database testphp8029 and create a new table with PK and unique key and timestamp and insert some values. All works OK, good to go.
CC: (none) => herman.viaene
Whiteboard: (none) => MGA8-64-OK
Validating. Advisory in comment 3.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0234.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED