发布于3月6日3月6日 Members CentOS Linux: CVE-2023-0567: Important: php security update (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:N/C:N/I:C/A:N) Published 03/01/2023 Created 11/01/2023 Added 11/01/2023 Modified 01/28/2025 Description In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid. Solution(s) centos-upgrade-apcu-panel centos-upgrade-libzip centos-upgrade-libzip-debuginfo centos-upgrade-libzip-debugsource centos-upgrade-libzip-devel centos-upgrade-libzip-tools centos-upgrade-libzip-tools-debuginfo centos-upgrade-php centos-upgrade-php-bcmath centos-upgrade-php-bcmath-debuginfo centos-upgrade-php-cli centos-upgrade-php-cli-debuginfo centos-upgrade-php-common centos-upgrade-php-common-debuginfo centos-upgrade-php-dba centos-upgrade-php-dba-debuginfo centos-upgrade-php-dbg centos-upgrade-php-dbg-debuginfo centos-upgrade-php-debuginfo centos-upgrade-php-debugsource centos-upgrade-php-devel centos-upgrade-php-embedded centos-upgrade-php-embedded-debuginfo centos-upgrade-php-enchant centos-upgrade-php-enchant-debuginfo centos-upgrade-php-ffi centos-upgrade-php-ffi-debuginfo centos-upgrade-php-fpm centos-upgrade-php-fpm-debuginfo centos-upgrade-php-gd centos-upgrade-php-gd-debuginfo centos-upgrade-php-gmp centos-upgrade-php-gmp-debuginfo centos-upgrade-php-intl centos-upgrade-php-intl-debuginfo centos-upgrade-php-ldap centos-upgrade-php-ldap-debuginfo centos-upgrade-php-mbstring centos-upgrade-php-mbstring-debuginfo centos-upgrade-php-mysqlnd centos-upgrade-php-mysqlnd-debuginfo centos-upgrade-php-odbc centos-upgrade-php-odbc-debuginfo centos-upgrade-php-opcache centos-upgrade-php-opcache-debuginfo centos-upgrade-php-pdo centos-upgrade-php-pdo-debuginfo centos-upgrade-php-pear centos-upgrade-php-pecl-apcu centos-upgrade-php-pecl-apcu-debuginfo centos-upgrade-php-pecl-apcu-debugsource centos-upgrade-php-pecl-apcu-devel centos-upgrade-php-pecl-rrd centos-upgrade-php-pecl-rrd-debuginfo centos-upgrade-php-pecl-rrd-debugsource centos-upgrade-php-pecl-xdebug3 centos-upgrade-php-pecl-xdebug3-debuginfo centos-upgrade-php-pecl-xdebug3-debugsource centos-upgrade-php-pecl-zip centos-upgrade-php-pecl-zip-debuginfo centos-upgrade-php-pecl-zip-debugsource centos-upgrade-php-pgsql centos-upgrade-php-pgsql-debuginfo centos-upgrade-php-process centos-upgrade-php-process-debuginfo centos-upgrade-php-snmp centos-upgrade-php-snmp-debuginfo centos-upgrade-php-soap centos-upgrade-php-soap-debuginfo centos-upgrade-php-xml centos-upgrade-php-xml-debuginfo References CVE-2023-0567
