View Issue Details

ID: 0000177
Project: Rocky-Linux-8
Category: php
View Status: public
Last Update: 2025-04-14 07:25
Reporter: Benedict Rosner
Assigned To: Louis Abel
Priority: normal
Severity: tweak
Reproducibility: always
Status: closed
Resolution: suspended
Summary: 0000177: php-7.4 - yum updateinfo shows RLSA-2022:5467 even tho patch is merged

Description:
yum updateinfo --list gives me the following list:
Last metadata expiration check: 3:09:04 ago on Tue 09 Aug 2022 07:04:44 AM CEST.
RLSA-2022:5467 Important/Sec. php-8.0.13-3.module+el8.6.0+989+3fbff15c.x86_64
RLSA-2022:5467 Important/Sec. php-cli-8.0.13-3.module+el8.6.0+989+3fbff15c.x86_64
RLSA-2022:5467 Important/Sec. php-common-8.0.13-3.module+el8.6.0+989+3fbff15c.x86_64
RLSA-2022:5467 Important/Sec. php-fpm-8.0.13-3.module+el8.6.0+989+3fbff15c.x86_64
RLSA-2022:5467 Important/Sec. php-gd-8.0.13-3.module+el8.6.0+989+3fbff15c.x86_64
RLSA-2022:5467 Important/Sec. php-ldap-8.0.13-3.module+el8.6.0+989+3fbff15c.x86_64
RLSA-2022:5467 Important/Sec. php-mbstring-8.0.13-3.module+el8.6.0+989+3fbff15c.x86_64
RLSA-2022:5467 Important/Sec. php-opcache-8.0.13-3.module+el8.6.0+989+3fbff15c.x86_64
RLSA-2022:5467 Important/Sec. php-pdo-8.0.13-3.module+el8.6.0+989+3fbff15c.x86_64
RLSA-2022:5467 Important/Sec. php-xml-8.0.13-3.module+el8.6.0+989+3fbff15c.x86_64

You can see that the patch was included in the changelog:

yum changelog php
Last metadata expiration check: 0:00:05 ago on Tue 09 Aug 2022 11:24:55 AM CEST.
Listing all changelogs
Changelogs for php-7.4.19-3.module+el8.6.0+990+389ef54a.x86_64
* Wed Jun 22 12:00:00 AM 2022 Remi Collet <rcollet@redhat.com> - 7.4.19-3
- fix password of excessive length triggers buffer overflow leading to RCE
  CVE-2022-31626
...

https://errata.rockylinux.org/RLSA-2022:5467 shows the installed version to be affected:
php-7.4.19-3.module+el8.6.0+990+389ef54a.x86_64.rpm

Steps To Reproduce:
install php-7.4 module
run yum update
check with yum updateinfo --list
this will show a couple of critical patches
Tags: No tags attached.
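
Added example, not part of the original report or of Rocky Linux tooling: a Python triage helper that parses `yum updateinfo --list` rows and flags advisory entries whose package version belongs to a different series than the installed build, the pattern visible in the listing above (php-8.0.13 rows against an installed php-7.4.19-3). The function names, the shortened sample input, and the rule that the stream equals the version's major.minor are assumptions; epochs are not handled because the report's output has none.

```python
import re

# Constructed sample: two rows in the shape of the listing quoted in the report,
# and the installed build taken from the `yum changelog php` output.
UPDATEINFO = """\
Last metadata expiration check: 3:09:04 ago on Tue 09 Aug 2022 07:04:44 AM CEST.
RLSA-2022:5467 Important/Sec. php-8.0.13-3.module+el8.6.0+989+3fbff15c.x86_64
RLSA-2022:5467 Important/Sec. php-cli-8.0.13-3.module+el8.6.0+989+3fbff15c.x86_64
"""
INSTALLED = ["php-7.4.19-3.module+el8.6.0+990+389ef54a.x86_64"]

# name-version-release.arch; version and release never contain a hyphen.
NEVRA = re.compile(r"^(?P<name>.+)-(?P<version>[^-]+)-(?P<release>[^-]+)\.(?P<arch>[^.]+)$")
ADVISORY_ID = re.compile(r"^[A-Z]+-\d{4}:\d+$")

def parse_nevra(text):
    """Split 'php-cli-8.0.13-3.module+....x86_64' into its NEVRA fields."""
    match = NEVRA.match(text)
    if match is None:
        raise ValueError(f"not a NEVRA string: {text!r}")
    return match.groupdict()

def stream_of(version):
    # Assumption: for the php module, the stream is the version's major.minor.
    return ".".join(version.split(".")[:2])

def triage(updateinfo_text, installed):
    """Return (advisory, package, listed_version, verdict) for each advisory row."""
    by_name = {parse_nevra(n)["name"]: parse_nevra(n) for n in installed}
    findings = []
    for line in updateinfo_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not ADVISORY_ID.match(parts[0]):
            continue  # metadata banner, blank line, or unrelated output
        advisory, _severity, nevra = parts
        listed = parse_nevra(nevra)
        current = by_name.get(listed["name"])
        if current is None:
            verdict = "not-installed"
        elif stream_of(current["version"]) != stream_of(listed["version"]):
            verdict = "stream-mismatch"  # row offers a build from another series
        else:
            verdict = "same-stream"      # ordinary pending update within the series
        findings.append((advisory, listed["name"], listed["version"], verdict))
    return findings

if __name__ == "__main__":
    for row in triage(UPDATEINFO, INSTALLED):
        print(*row)
```
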

Activities

Louis Abel

2025-04-14 07:25

administrator   ~0009806

Closing due to ticket age and errata system changes are taking place at the resf github. https://github.com/resf/distro-tools/tree/main/apollo

Issue History

Date Modified Username Field Change
2022-08-09 09:41 Benedict Rosner New Issue
2025-04-14 07:25 Louis Abel Assigned To => Louis Abel
2025-04-14 07:25 Louis Abel Status new => closed
2025-04-14 07:25 Louis Abel Resolution open => suspended
2025-04-14 07:25 Louis Abel Note Added: 0009806