Security update of PHP packages (February 2023)

News about new PHP releases (February 2023)

Dear all,

the APT repositories have been updated with the following upstream PHP releases:

  • php8.0 (8.0.36-1)
  • php8.1 (8.1.16-1)
  • php8.2 (8.2.3-1)

There were three security issues fixed in these releases:

  • CVE-2023-0567: Fixed bug #81744 (Password_verify() always return true with some hash).
  • CVE-2023-0568: Fixed bug #81746 (1-byte array overrun in common path resolve code).
  • CVE-2023-0662: Fixed bug GHSA-54hq-v5wp-fqgv (DOS vulnerability when parsing multipart request body).

The fixes for these security issues have been backported to:

  • php5.6 (5.6.40-65)
  • php7.0 (7.0.33-65)
  • php7.1 (7.1.33-52)
  • php7.2 (7.2.34-38)
  • php7.3 (7.3.33-10)
  • php7.4 (7.4.33-5)

Please update your packages as the packages are built and available in the repository.