Summary
An exploit for a critical vulnerability (CVE-2022-37454) impacting PHP and other middleware was publicly released on October 20, 2022.
A detailed description of the vulnerability can be found on Red Hat Customer Portal.
The Centreon Security Group has conducted an initial assessment across the codebase to determine the impact of this vulnerability.
Impacts
- Not specified by publisher
- Data Privacy Breach
Affected systems
- PHP 8.0.x versions prior to 8.0.25
- PHP 8.1.x versions prior to 8.1.12
State of investigation
Red Hat is currently under investigation on potential effects.
Centreon doesn’t use SHA-3 mechanism, so no Centreon Editions is impacted.
However, PHP versions 8.0.25 and 8.1.12 are already available with fixes to this vulnerability, so PHP can be updated on your Centreon platforms using following commands:
For all supported Centreon versions (21.10 to 22.10) on Enterprise Linux 7 et 8:
yum update php\*
systemctl restart php-fpmFor Centreon 22.04 on Debian 11:
apt update
apt upgrade php
systemctl restart php8.0-fpmFor Centreon 22.10 on Debian 11:
apt update
apt upgrade php
systemctl restart php8.1-fpm
This advisory will be updated as additional information becomes available. Please make sure to subscribe to updates.