发布于3月6日3月6日 Members Rocky Linux: CVE-2023-0567: php-8.1 (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:N/C:N/I:C/A:N) Published 03/01/2023 Created 03/07/2024 Added 03/05/2024 Modified 01/28/2025 Description In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid. Solution(s) rocky-upgrade-libzip rocky-upgrade-libzip-debuginfo rocky-upgrade-libzip-debugsource rocky-upgrade-libzip-devel rocky-upgrade-libzip-tools rocky-upgrade-libzip-tools-debuginfo rocky-upgrade-php rocky-upgrade-php-bcmath rocky-upgrade-php-bcmath-debuginfo rocky-upgrade-php-cli rocky-upgrade-php-cli-debuginfo rocky-upgrade-php-common rocky-upgrade-php-common-debuginfo rocky-upgrade-php-dba rocky-upgrade-php-dba-debuginfo rocky-upgrade-php-dbg rocky-upgrade-php-dbg-debuginfo rocky-upgrade-php-debuginfo rocky-upgrade-php-debugsource rocky-upgrade-php-devel rocky-upgrade-php-embedded rocky-upgrade-php-embedded-debuginfo rocky-upgrade-php-enchant rocky-upgrade-php-enchant-debuginfo rocky-upgrade-php-ffi rocky-upgrade-php-ffi-debuginfo rocky-upgrade-php-fpm rocky-upgrade-php-fpm-debuginfo rocky-upgrade-php-gd rocky-upgrade-php-gd-debuginfo rocky-upgrade-php-gmp rocky-upgrade-php-gmp-debuginfo rocky-upgrade-php-intl rocky-upgrade-php-intl-debuginfo rocky-upgrade-php-ldap rocky-upgrade-php-ldap-debuginfo rocky-upgrade-php-mbstring rocky-upgrade-php-mbstring-debuginfo rocky-upgrade-php-mysqlnd rocky-upgrade-php-mysqlnd-debuginfo rocky-upgrade-php-odbc rocky-upgrade-php-odbc-debuginfo rocky-upgrade-php-opcache rocky-upgrade-php-opcache-debuginfo rocky-upgrade-php-pdo rocky-upgrade-php-pdo-debuginfo rocky-upgrade-php-pecl-apcu rocky-upgrade-php-pecl-apcu-debuginfo rocky-upgrade-php-pecl-apcu-debugsource rocky-upgrade-php-pecl-apcu-devel rocky-upgrade-php-pecl-rrd rocky-upgrade-php-pecl-rrd-debuginfo rocky-upgrade-php-pecl-rrd-debugsource rocky-upgrade-php-pecl-xdebug3 rocky-upgrade-php-pecl-xdebug3-debuginfo rocky-upgrade-php-pecl-xdebug3-debugsource rocky-upgrade-php-pecl-zip rocky-upgrade-php-pecl-zip-debuginfo rocky-upgrade-php-pecl-zip-debugsource rocky-upgrade-php-pgsql rocky-upgrade-php-pgsql-debuginfo rocky-upgrade-php-process rocky-upgrade-php-process-debuginfo rocky-upgrade-php-snmp rocky-upgrade-php-snmp-debuginfo rocky-upgrade-php-soap rocky-upgrade-php-soap-debuginfo rocky-upgrade-php-xml rocky-upgrade-php-xml-debuginfo References https://attackerkb.com/topics/cve-2023-0567 CVE - 2023-0567 https://errata.rockylinux.org/RLSA-2023:5926 https://errata.rockylinux.org/RLSA-2023:5927 https://errata.rockylinux.org/RLSA-2024:0387
