UbuntuUpdates.org

Package "php8.1"

Name: php8.1

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Transitional package
  • Transitional package
  • HTML-embedded scripting language (Embedded SAPI library)
  • Bcmath module for PHP

Latest version: 8.1.2-1ubuntu2.14
Release: jammy (22.04)
Level: security
Repository: universe


Other versions of "php8.1" in Jammy

Repository Area Version
base universe 8.1.2-1ubuntu2
base main 8.1.2-1ubuntu2
security main 8.1.2-1ubuntu2.14
updates universe 8.1.2-1ubuntu2.15
updates main 8.1.2-1ubuntu2.15
proposed universe 8.1.2-1ubuntu2.16
proposed main 8.1.2-1ubuntu2.16


Changelog

Version: 8.1.2-1ubuntu2.14 2023-08-23 18:07:01 UTC

  php8.1 (8.1.2-1ubuntu2.14) jammy-security; urgency=medium

  * SECURITY UPDATE: Disclosure of sensitive information
    - debian/patches/CVE-2023-3823.patch: sanitize libxml2 globals
      before parsing in ext/dom/document.c, ext/dom/documentfragment.c,
      xml_global_state_entity_loader_bypass.phpt, ext/libxml/php_libxml.h,
      ext/simplexml/simplexml.c, xml_global_state_entity_loader_bypass.phpt,
      ext/soap/php_xml.c, ext/xml/compat.c, ext/xmlreader/php_xmlreader.c,
      xml_global_state_entity_loader_bypass.phpt, ext/xsl/xsltprocessor.c,
      ext/zend_test/test.c, ext/zend_test/test.stub.php.
    - CVE-2023-3823
  * SECURITY UPDATE: Stack buffer overflow
    - debian/patches/CVE-2023-3824.patch: fix buffer mismanagement in
      phar_dir_read(), and in files ext/phar/dirstream.c,
      ext/phar/tests/GHSA-jqcx-ccgx-xwhv.phpt.
    - CVE-2023-3824

 -- Leonidas Da Silva Barbosa <email address hidden> Fri, 18 Aug 2023 08:41:11 -0300


Version: 8.1.2-1ubuntu2.13 2023-07-03 17:07:12 UTC

  php8.1 (8.1.2-1ubuntu2.13) jammy-security; urgency=medium

  * SECURITY UPDATE: Missing error check and insufficient random
    bytes
    - debian/patches/CVE-2023-3247-1.patch: fixes missing randomness
      check and insufficient random bytes for SOAP HTTP digest
      in ext/soap/php_http.c.
    - debian/patches/CVE-2023-3247-2.patch: fix wrong backporting of previous
      soap patch.
    - CVE-2023-3247

 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 28 Jun 2023 11:01:49 -0300

CVE-2023-3247 GHSA-76gg-c692-v2mw: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP

Version: 8.1.2-1ubuntu2.11 2023-02-28 16:09:50 UTC

  php8.1 (8.1.2-1ubuntu2.11) jammy-security; urgency=medium

  * SECURITY UPDATE: password_verify() accepts invalid Blowfish hashes
    - debian/patches/CVE-2023-0567-1.patch: fix validation of malformed
      BCrypt hashes in ext/standard/crypt_blowfish.c,
      ext/standard/tests/crypt/bcrypt_salt_dollar.phpt.
    - debian/patches/CVE-2023-0567-2.patch: fix possible buffer overread in
      php_crypt() in ext/standard/crypt.c,
      ext/standard/tests/password/password_bcrypt_short.phpt.
    - CVE-2023-0567
  * SECURITY UPDATE: off-by-one in core path resolution function
    - debian/patches/CVE-2023-0568.patch: fix array overrun when appending
      slash to paths in ext/dom/document.c, ext/xmlreader/php_xmlreader.c,
      main/fopen_wrappers.c.
    - CVE-2023-0568
  * SECURITY UPDATE: DoS via excessive number of parts in HTTP form upload
    - debian/patches/CVE-2023-0662-1.patch: introduce
      max_multipart_body_parts INI in main/main.c, main/rfc1867.c,
      sapi/fpm/tests/*, sapi/fpm/tests/tester.inc.
    - debian/patches/CVE-2023-0662-2.patch: fix repeated warning for file
      uploads limit exceeding in main/rfc1867.c.
    - CVE-2023-0662

 -- Marc Deslauriers <email address hidden> Wed, 22 Feb 2023 17:56:18 -0500

CVE-2023-0567 In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3 ...
CVE-2023-0568 In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolv
CVE-2023-0662 In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consump

Version: 8.1.2-1ubuntu2.10 2023-01-23 15:07:22 UTC

  php8.1 (8.1.2-1ubuntu2.10) jammy-security; urgency=medium

  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2022-31631-*.patch: fix check
      unquotedlen size in ext/pdo_sqlite/sqlite_driver.c.
    - CVE-2022-31631

 -- Leonidas Da Silva Barbosa <email address hidden> Mon, 16 Jan 2023 12:19:49 -0300


Version: 8.1.2-1ubuntu2.8 2022-11-08 17:07:33 UTC

  php8.1 (8.1.2-1ubuntu2.8) jammy-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2022-31628-1.patch: adding a recursion limit
      in ext/phar/phar.c, ext/phar/tests/bug81726.phpt.
    - debian/source/include-binaries: add ext/phar/tests/bug81726.gz.
    - debian/patches/CVE-2022-31628-2.patch: avoid a second check in
      ext/phar/phar.c.
    - CVE-2022-31628
  * SECURITY UPDATE: Cookie injection
    - debian/patches/CVE-2022-31629.patch: don't mangle HTTP
      variable names that clash with ones that have a specific semantic
      meaning in ext/standard/test/bug81727.phpt,
      main/php_variables.c.
    - CVE-2022-31629
  * SECURITY UPDATE: Out of bounds read
    - debian/patches/CVE-2022-31630.patch: adds validation in
      imageloadfont() for OOB in ext/gd/gd.c, ext/gd/tests/bug81739.phpt.
    - CVE-2022-31630
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2022-37454.patch: fixes buffer overflow in
      hash_update() on long parameter in
      ext/hash/sha3/generic32lc/KeccakSponge.inc,
      ext/hash/sha3/generic64lc/KeccakSponge.inc.
    - CVE-2022-37454

 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 02 Nov 2022 10:35:25 -0300

CVE-2022-31628 In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infini
CVE-2022-31629 In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the
CVE-2022-37454 The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute


