An update for php is now available for HCE 2.0

HCE2-SA-2023-0215 An update for php is now available for HCE 2.0 Important HCE 2.0 Security Fix(es): In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification. (CVE-2023-0568) In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space. (CVE-2023-0662) The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin. Oracle Linux Bulletins are published on the same day as Oracle Critical Patch Updates are released. These bulletins will also be updated for the following two months after their release (i.e., the two months between the normal quarterly Critical Patch Update publication dates) to cover all CVEs that had been resolved in those two months following the bulletin's publication. In addition, Oracle Linux Bulletins may also be updated for vulnerability issues deemed too critical to wait for the next scheduled bulletin publication date. (CVE-2022-31631) In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid. (CVE-2023-0567) HCE 2.0 php-8.0.28-1.hce2.aarch64.rpm php-bcmath-8.0.28-1.hce2.aarch64.rpm php-cli-8.0.28-1.hce2.aarch64.rpm php-common-8.0.28-1.hce2.aarch64.rpm php-dba-8.0.28-1.hce2.aarch64.rpm php-dbg-8.0.28-1.hce2.aarch64.rpm php-devel-8.0.28-1.hce2.aarch64.rpm php-embedded-8.0.28-1.hce2.aarch64.rpm php-enchant-8.0.28-1.hce2.aarch64.rpm php-ffi-8.0.28-1.hce2.aarch64.rpm php-fpm-8.0.28-1.hce2.aarch64.rpm php-gd-8.0.28-1.hce2.aarch64.rpm php-gmp-8.0.28-1.hce2.aarch64.rpm php-help-8.0.28-1.hce2.aarch64.rpm php-intl-8.0.28-1.hce2.aarch64.rpm php-ldap-8.0.28-1.hce2.aarch64.rpm php-mbstring-8.0.28-1.hce2.aarch64.rpm php-mysqlnd-8.0.28-1.hce2.aarch64.rpm php-odbc-8.0.28-1.hce2.aarch64.rpm php-opcache-8.0.28-1.hce2.aarch64.rpm php-pdo-8.0.28-1.hce2.aarch64.rpm php-pgsql-8.0.28-1.hce2.aarch64.rpm php-process-8.0.28-1.hce2.aarch64.rpm php-snmp-8.0.28-1.hce2.aarch64.rpm php-soap-8.0.28-1.hce2.aarch64.rpm php-tidy-8.0.28-1.hce2.aarch64.rpm php-xml-8.0.28-1.hce2.aarch64.rpm php-8.0.28-1.hce2.x86_64.rpm php-bcmath-8.0.28-1.hce2.x86_64.rpm php-cli-8.0.28-1.hce2.x86_64.rpm php-common-8.0.28-1.hce2.x86_64.rpm php-dba-8.0.28-1.hce2.x86_64.rpm php-dbg-8.0.28-1.hce2.x86_64.rpm php-devel-8.0.28-1.hce2.x86_64.rpm php-embedded-8.0.28-1.hce2.x86_64.rpm php-enchant-8.0.28-1.hce2.x86_64.rpm php-ffi-8.0.28-1.hce2.x86_64.rpm php-fpm-8.0.28-1.hce2.x86_64.rpm php-gd-8.0.28-1.hce2.x86_64.rpm php-gmp-8.0.28-1.hce2.x86_64.rpm php-help-8.0.28-1.hce2.x86_64.rpm php-intl-8.0.28-1.hce2.x86_64.rpm php-ldap-8.0.28-1.hce2.x86_64.rpm php-mbstring-8.0.28-1.hce2.x86_64.rpm php-mysqlnd-8.0.28-1.hce2.x86_64.rpm php-odbc-8.0.28-1.hce2.x86_64.rpm php-opcache-8.0.28-1.hce2.x86_64.rpm php-pdo-8.0.28-1.hce2.x86_64.rpm php-pgsql-8.0.28-1.hce2.x86_64.rpm php-process-8.0.28-1.hce2.x86_64.rpm php-snmp-8.0.28-1.hce2.x86_64.rpm php-soap-8.0.28-1.hce2.x86_64.rpm php-tidy-8.0.28-1.hce2.x86_64.rpm php-xml-8.0.28-1.hce2.x86_64.rpm