SUSE-SU-2020:0622-1

Опубликовано: 09 мар. 2020

Источник: suse-cvrf

Описание

Security update for php7

This update for php7 fixes the following issues:

CVE-2020-7062: Fixed a null pointer dereference when using file upload functionality under specific circumstances (bsc#1165280).
CVE-2020-7063: Fixed an issue where adding files change the permissions to default (bsc#1165289).
CVE-2020-7059: Fixed an out of bounds read in php_strip_tags_ex which may have led to denial of service (bsc#1162629).
CVE-2020-7060: Fixed a global buffer overflow in mbfl_filt_conv_big5_wchar which may have led to memory corruption (bsc#1162632).

Список пакетов

SUSE Linux Enterprise High Performance Computing 15-ESPOS

apache2-mod_php7-7.2.5-4.52.4

php7-7.2.5-4.52.4

php7-bcmath-7.2.5-4.52.4

php7-bz2-7.2.5-4.52.4

php7-calendar-7.2.5-4.52.4

php7-ctype-7.2.5-4.52.4

php7-curl-7.2.5-4.52.4

php7-dba-7.2.5-4.52.4

php7-devel-7.2.5-4.52.4

php7-dom-7.2.5-4.52.4

php7-enchant-7.2.5-4.52.4

php7-exif-7.2.5-4.52.4

php7-fastcgi-7.2.5-4.52.4

php7-fileinfo-7.2.5-4.52.4

php7-fpm-7.2.5-4.52.4

php7-ftp-7.2.5-4.52.4

php7-gd-7.2.5-4.52.4

php7-gettext-7.2.5-4.52.4

php7-gmp-7.2.5-4.52.4

php7-iconv-7.2.5-4.52.4

php7-intl-7.2.5-4.52.4

php7-json-7.2.5-4.52.4

php7-ldap-7.2.5-4.52.4

php7-mbstring-7.2.5-4.52.4

php7-mysql-7.2.5-4.52.4

php7-odbc-7.2.5-4.52.4

php7-opcache-7.2.5-4.52.4

php7-openssl-7.2.5-4.52.4

php7-pcntl-7.2.5-4.52.4

php7-pdo-7.2.5-4.52.4

php7-pear-7.2.5-4.52.4

php7-pear-Archive_Tar-7.2.5-4.52.4

php7-pgsql-7.2.5-4.52.4

php7-phar-7.2.5-4.52.4

php7-posix-7.2.5-4.52.4

php7-shmop-7.2.5-4.52.4

php7-snmp-7.2.5-4.52.4

php7-soap-7.2.5-4.52.4

php7-sockets-7.2.5-4.52.4

php7-sodium-7.2.5-4.52.4

php7-sqlite-7.2.5-4.52.4

php7-sysvmsg-7.2.5-4.52.4

php7-sysvsem-7.2.5-4.52.4

php7-sysvshm-7.2.5-4.52.4

php7-tokenizer-7.2.5-4.52.4

php7-wddx-7.2.5-4.52.4

php7-xmlreader-7.2.5-4.52.4

php7-xmlrpc-7.2.5-4.52.4

php7-xmlwriter-7.2.5-4.52.4

php7-xsl-7.2.5-4.52.4

php7-zip-7.2.5-4.52.4

php7-zlib-7.2.5-4.52.4

SUSE Linux Enterprise High Performance Computing 15-LTSS

apache2-mod_php7-7.2.5-4.52.4

php7-7.2.5-4.52.4

php7-bcmath-7.2.5-4.52.4

php7-bz2-7.2.5-4.52.4

php7-calendar-7.2.5-4.52.4

php7-ctype-7.2.5-4.52.4

php7-curl-7.2.5-4.52.4

php7-dba-7.2.5-4.52.4

php7-devel-7.2.5-4.52.4

php7-dom-7.2.5-4.52.4

php7-enchant-7.2.5-4.52.4

php7-exif-7.2.5-4.52.4

php7-fastcgi-7.2.5-4.52.4

php7-fileinfo-7.2.5-4.52.4

php7-fpm-7.2.5-4.52.4

php7-ftp-7.2.5-4.52.4

php7-gd-7.2.5-4.52.4

php7-gettext-7.2.5-4.52.4

php7-gmp-7.2.5-4.52.4

php7-iconv-7.2.5-4.52.4

php7-intl-7.2.5-4.52.4

php7-json-7.2.5-4.52.4

php7-ldap-7.2.5-4.52.4

php7-mbstring-7.2.5-4.52.4

php7-mysql-7.2.5-4.52.4

php7-odbc-7.2.5-4.52.4

php7-opcache-7.2.5-4.52.4

php7-openssl-7.2.5-4.52.4

php7-pcntl-7.2.5-4.52.4

php7-pdo-7.2.5-4.52.4

php7-pear-7.2.5-4.52.4

php7-pear-Archive_Tar-7.2.5-4.52.4

php7-pgsql-7.2.5-4.52.4

php7-phar-7.2.5-4.52.4

php7-posix-7.2.5-4.52.4

php7-shmop-7.2.5-4.52.4

php7-snmp-7.2.5-4.52.4

php7-soap-7.2.5-4.52.4

php7-sockets-7.2.5-4.52.4

php7-sodium-7.2.5-4.52.4

php7-sqlite-7.2.5-4.52.4

php7-sysvmsg-7.2.5-4.52.4

php7-sysvsem-7.2.5-4.52.4

php7-sysvshm-7.2.5-4.52.4

php7-tokenizer-7.2.5-4.52.4

php7-wddx-7.2.5-4.52.4

php7-xmlreader-7.2.5-4.52.4

php7-xmlrpc-7.2.5-4.52.4

php7-xmlwriter-7.2.5-4.52.4

php7-xsl-7.2.5-4.52.4

php7-zip-7.2.5-4.52.4

php7-zlib-7.2.5-4.52.4

SUSE Linux Enterprise Module for Web and Scripting 15 SP1

apache2-mod_php7-7.2.5-4.52.4

php7-7.2.5-4.52.4

php7-bcmath-7.2.5-4.52.4

php7-bz2-7.2.5-4.52.4

php7-calendar-7.2.5-4.52.4

php7-ctype-7.2.5-4.52.4

php7-curl-7.2.5-4.52.4

php7-dba-7.2.5-4.52.4

php7-devel-7.2.5-4.52.4

php7-dom-7.2.5-4.52.4

php7-enchant-7.2.5-4.52.4

php7-exif-7.2.5-4.52.4

php7-fastcgi-7.2.5-4.52.4

php7-fileinfo-7.2.5-4.52.4

php7-fpm-7.2.5-4.52.4

php7-ftp-7.2.5-4.52.4

php7-gd-7.2.5-4.52.4

php7-gettext-7.2.5-4.52.4

php7-gmp-7.2.5-4.52.4

php7-iconv-7.2.5-4.52.4

php7-intl-7.2.5-4.52.4

php7-json-7.2.5-4.52.4

php7-ldap-7.2.5-4.52.4

php7-mbstring-7.2.5-4.52.4

php7-mysql-7.2.5-4.52.4

php7-odbc-7.2.5-4.52.4

php7-opcache-7.2.5-4.52.4

php7-openssl-7.2.5-4.52.4

php7-pcntl-7.2.5-4.52.4

php7-pdo-7.2.5-4.52.4

php7-pear-7.2.5-4.52.4

php7-pear-Archive_Tar-7.2.5-4.52.4

php7-pgsql-7.2.5-4.52.4

php7-phar-7.2.5-4.52.4

php7-posix-7.2.5-4.52.4

php7-shmop-7.2.5-4.52.4

php7-snmp-7.2.5-4.52.4

php7-soap-7.2.5-4.52.4

php7-sockets-7.2.5-4.52.4

php7-sodium-7.2.5-4.52.4

php7-sqlite-7.2.5-4.52.4

php7-sysvmsg-7.2.5-4.52.4

php7-sysvsem-7.2.5-4.52.4

php7-sysvshm-7.2.5-4.52.4

php7-tokenizer-7.2.5-4.52.4

php7-wddx-7.2.5-4.52.4

php7-xmlreader-7.2.5-4.52.4

php7-xmlrpc-7.2.5-4.52.4

php7-xmlwriter-7.2.5-4.52.4

php7-xsl-7.2.5-4.52.4

php7-zip-7.2.5-4.52.4

php7-zlib-7.2.5-4.52.4

SUSE Linux Enterprise Server 15-LTSS

apache2-mod_php7-7.2.5-4.52.4

php7-7.2.5-4.52.4

php7-bcmath-7.2.5-4.52.4

php7-bz2-7.2.5-4.52.4

php7-calendar-7.2.5-4.52.4

php7-ctype-7.2.5-4.52.4

php7-curl-7.2.5-4.52.4

php7-dba-7.2.5-4.52.4

php7-devel-7.2.5-4.52.4

php7-dom-7.2.5-4.52.4

php7-enchant-7.2.5-4.52.4

php7-exif-7.2.5-4.52.4

php7-fastcgi-7.2.5-4.52.4

php7-fileinfo-7.2.5-4.52.4

php7-fpm-7.2.5-4.52.4

php7-ftp-7.2.5-4.52.4

php7-gd-7.2.5-4.52.4

php7-gettext-7.2.5-4.52.4

php7-gmp-7.2.5-4.52.4

php7-iconv-7.2.5-4.52.4

php7-intl-7.2.5-4.52.4

php7-json-7.2.5-4.52.4

php7-ldap-7.2.5-4.52.4

php7-mbstring-7.2.5-4.52.4

php7-mysql-7.2.5-4.52.4

php7-odbc-7.2.5-4.52.4

php7-opcache-7.2.5-4.52.4

php7-openssl-7.2.5-4.52.4

php7-pcntl-7.2.5-4.52.4

php7-pdo-7.2.5-4.52.4

php7-pear-7.2.5-4.52.4

php7-pear-Archive_Tar-7.2.5-4.52.4

php7-pgsql-7.2.5-4.52.4

php7-phar-7.2.5-4.52.4

php7-posix-7.2.5-4.52.4

php7-shmop-7.2.5-4.52.4

php7-snmp-7.2.5-4.52.4

php7-soap-7.2.5-4.52.4

php7-sockets-7.2.5-4.52.4

php7-sodium-7.2.5-4.52.4

php7-sqlite-7.2.5-4.52.4

php7-sysvmsg-7.2.5-4.52.4

php7-sysvsem-7.2.5-4.52.4

php7-sysvshm-7.2.5-4.52.4

php7-tokenizer-7.2.5-4.52.4

php7-wddx-7.2.5-4.52.4

php7-xmlreader-7.2.5-4.52.4

php7-xmlrpc-7.2.5-4.52.4

php7-xmlwriter-7.2.5-4.52.4

php7-xsl-7.2.5-4.52.4

php7-zip-7.2.5-4.52.4

php7-zlib-7.2.5-4.52.4

SUSE Linux Enterprise Server for SAP Applications 15

apache2-mod_php7-7.2.5-4.52.4

php7-7.2.5-4.52.4

php7-bcmath-7.2.5-4.52.4

php7-bz2-7.2.5-4.52.4

php7-calendar-7.2.5-4.52.4

php7-ctype-7.2.5-4.52.4

php7-curl-7.2.5-4.52.4

php7-dba-7.2.5-4.52.4

php7-devel-7.2.5-4.52.4

php7-dom-7.2.5-4.52.4

php7-enchant-7.2.5-4.52.4

php7-exif-7.2.5-4.52.4

php7-fastcgi-7.2.5-4.52.4

php7-fileinfo-7.2.5-4.52.4

php7-fpm-7.2.5-4.52.4

php7-ftp-7.2.5-4.52.4

php7-gd-7.2.5-4.52.4

php7-gettext-7.2.5-4.52.4

php7-gmp-7.2.5-4.52.4

php7-iconv-7.2.5-4.52.4

php7-intl-7.2.5-4.52.4

php7-json-7.2.5-4.52.4

php7-ldap-7.2.5-4.52.4

php7-mbstring-7.2.5-4.52.4

php7-mysql-7.2.5-4.52.4

php7-odbc-7.2.5-4.52.4

php7-opcache-7.2.5-4.52.4

php7-openssl-7.2.5-4.52.4

php7-pcntl-7.2.5-4.52.4

php7-pdo-7.2.5-4.52.4

php7-pear-7.2.5-4.52.4

php7-pear-Archive_Tar-7.2.5-4.52.4

php7-pgsql-7.2.5-4.52.4

php7-phar-7.2.5-4.52.4

php7-posix-7.2.5-4.52.4

php7-shmop-7.2.5-4.52.4

php7-snmp-7.2.5-4.52.4

php7-soap-7.2.5-4.52.4

php7-sockets-7.2.5-4.52.4

php7-sodium-7.2.5-4.52.4

php7-sqlite-7.2.5-4.52.4

php7-sysvmsg-7.2.5-4.52.4

php7-sysvsem-7.2.5-4.52.4

php7-sysvshm-7.2.5-4.52.4

php7-tokenizer-7.2.5-4.52.4

php7-wddx-7.2.5-4.52.4

php7-xmlreader-7.2.5-4.52.4

php7-xmlrpc-7.2.5-4.52.4

php7-xmlwriter-7.2.5-4.52.4

php7-xsl-7.2.5-4.52.4

php7-zip-7.2.5-4.52.4

php7-zlib-7.2.5-4.52.4

Ссылки

https://www.suse.com/support/update/announcement/2020/suse-su-20200622-1/
Link for SUSE-SU-2020:0622-1
https://lists.suse.com/pipermail/sle-security-updates/2020-March/006589.html
E-Mail link for SUSE-SU-2020:0622-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1162629
SUSE Bug 1162629
https://bugzilla.suse.com/1162632
SUSE Bug 1162632
https://bugzilla.suse.com/1165280
SUSE Bug 1165280
https://bugzilla.suse.com/1165289
SUSE Bug 1165289
https://www.suse.com/security/cve/CVE-2020-7059/
SUSE CVE CVE-2020-7059 page
https://www.suse.com/security/cve/CVE-2020-7060/
SUSE CVE CVE-2020-7060 page
https://www.suse.com/security/cve/CVE-2020-7062/
SUSE CVE CVE-2020-7062 page
https://www.suse.com/security/cve/CVE-2020-7063/
SUSE CVE CVE-2020-7063 page

Описание

When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash.

Затронутые продукты

SUSE Linux Enterprise High Performance Computing 15-ESPOS:apache2-mod_php7-7.2.5-4.52.4

SUSE Linux Enterprise High Performance Computing 15-ESPOS:php7-7.2.5-4.52.4

SUSE Linux Enterprise High Performance Computing 15-ESPOS:php7-bcmath-7.2.5-4.52.4

SUSE Linux Enterprise High Performance Computing 15-ESPOS:php7-bz2-7.2.5-4.52.4

Ссылки

https://www.suse.com/security/cve/CVE-2020-7059.html
CVE-2020-7059
https://bugzilla.suse.com/1162629
SUSE Bug 1162629

Описание

When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash.

Затронутые продукты

SUSE Linux Enterprise High Performance Computing 15-ESPOS:apache2-mod_php7-7.2.5-4.52.4

SUSE Linux Enterprise High Performance Computing 15-ESPOS:php7-7.2.5-4.52.4

SUSE Linux Enterprise High Performance Computing 15-ESPOS:php7-bcmath-7.2.5-4.52.4

SUSE Linux Enterprise High Performance Computing 15-ESPOS:php7-bz2-7.2.5-4.52.4

Ссылки

https://www.suse.com/security/cve/CVE-2020-7060.html
CVE-2020-7060
https://bugzilla.suse.com/1162632
SUSE Bug 1162632

Описание

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash.

Затронутые продукты

SUSE Linux Enterprise High Performance Computing 15-ESPOS:apache2-mod_php7-7.2.5-4.52.4

SUSE Linux Enterprise High Performance Computing 15-ESPOS:php7-7.2.5-4.52.4

SUSE Linux Enterprise High Performance Computing 15-ESPOS:php7-bcmath-7.2.5-4.52.4

SUSE Linux Enterprise High Performance Computing 15-ESPOS:php7-bz2-7.2.5-4.52.4

Ссылки

https://www.suse.com/security/cve/CVE-2020-7062.html
CVE-2020-7062
https://bugzilla.suse.com/1165280
SUSE Bug 1165280

Описание

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more restrictive permissions. This may result in files having more lax permissions than intended when such archive is extracted.

Затронутые продукты

SUSE Linux Enterprise High Performance Computing 15-ESPOS:apache2-mod_php7-7.2.5-4.52.4

SUSE Linux Enterprise High Performance Computing 15-ESPOS:php7-7.2.5-4.52.4

SUSE Linux Enterprise High Performance Computing 15-ESPOS:php7-bcmath-7.2.5-4.52.4

SUSE Linux Enterprise High Performance Computing 15-ESPOS:php7-bz2-7.2.5-4.52.4

Ссылки

https://www.suse.com/security/cve/CVE-2020-7063.html
CVE-2020-7063
https://bugzilla.suse.com/1165289
SUSE Bug 1165289

SUSE-SU-2020:0622-1

Описание

Список пакетов

SUSE Linux Enterprise High Performance Computing 15-ESPOS

SUSE Linux Enterprise High Performance Computing 15-LTSS

SUSE Linux Enterprise Module for Web and Scripting 15 SP1

SUSE Linux Enterprise Server 15-LTSS

SUSE Linux Enterprise Server for SAP Applications 15

Ссылки

Уязвимость: CVE-2020-7059

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2020-7060

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2020-7062

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2020-7063

Описание

Затронутые продукты

Ссылки