
Summary

An exploit for a critical vulnerability (CVE-2022-37454) impacting PHP and other middleware was publicly released on October 20, 2022.

A detailed description of the vulnerability can be found on the Red Hat Customer Portal.

The Centreon Security Group has conducted an initial assessment across the codebase to determine the impact of this vulnerability.  

 

Impacts

  • Not specified by publisher
  • Data Privacy Breach

 

Affected systems

  • PHP 8.0.x versions prior to 8.0.25
  • PHP 8.1.x versions prior to 8.1.12

 

State of investigation

Red Hat is currently investigating the potential effects.

Centreon doesn't use the SHA-3 mechanism, so no Centreon Edition is impacted.

However, PHP versions 8.0.25 and 8.1.12 are already available with fixes for this vulnerability, so PHP can be updated on your Centreon platforms using the following commands:

For all supported Centreon versions (21.10 to 22.10) on Enterprise Linux 7 and 8:

yum update php\*
systemctl restart php-fpm

For Centreon 22.04 on Debian 11:

apt update
apt upgrade php
systemctl restart php8.0-fpm

For Centreon 22.10 on Debian 11:

apt update
apt upgrade php
systemctl restart php8.1-fpm
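
To confirm the result after running the update commands, the shell function below classifies a PHP version string against the two affected ranges listed in this advisory. It is an added example, not part of Centreon's advisory; the function names are illustrative, and it assumes the reported version string matches the upstream PHP release number.

```shell
#!/bin/sh
# Added example: classify a PHP version against the ranges listed in this advisory.
# Assumption: the version string reflects the upstream PHP release number.

# php_sha3_status VERSION -> prints affected | fixed | not-listed | unparseable
php_sha3_status() {
    # Keep only the leading MAJOR.MINOR.PATCH, dropping package suffixes.
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    if [ -z "$ver" ]; then
        echo unparseable
        return 0
    fi
    branch=${ver%.*}   # e.g. 8.0
    patch=${ver##*.}   # e.g. 24
    case "$branch" in
        8.0) fixed_patch=25 ;;   # fixed in 8.0.25
        8.1) fixed_patch=12 ;;   # fixed in 8.1.12
        *)   echo not-listed; return 0 ;;   # branch not covered by this advisory
    esac
    if [ "$patch" -lt "$fixed_patch" ]; then
        echo affected
    else
        echo fixed
    fi
}

# Report on the PHP CLI found in PATH, if any. php-fpm only picks up the
# updated build once it has been restarted, as in the commands above.
check_installed_php() {
    if ! command -v php >/dev/null 2>&1; then
        echo "php not found in PATH"
        return 0
    fi
    installed=$(php -r 'echo PHP_VERSION;' 2>/dev/null) || installed=""
    echo "PHP ${installed:-unknown}: $(php_sha3_status "$installed")"
}

check_installed_php
```

A result of `not-listed` means only that the branch does not appear in this advisory's affected systems, not that it has been assessed.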

 

This advisory will be updated as additional information becomes available. Please make sure to subscribe to updates.
