SUSE-SU-2021:3726-1

Опубликовано: 18 нояб. 2021

Источник: suse-cvrf

Описание

Security update for php74

This update for php74 fixes the following issues:

CVE-2021-21703: Fixed local privilege escalation via PHP-FPM (bsc#1192050).

Список пакетов

SUSE Linux Enterprise Module for Web and Scripting 12

apache2-mod_php74-7.4.6-1.27.1

php74-7.4.6-1.27.1

php74-bcmath-7.4.6-1.27.1

php74-bz2-7.4.6-1.27.1

php74-calendar-7.4.6-1.27.1

php74-ctype-7.4.6-1.27.1

php74-curl-7.4.6-1.27.1

php74-dba-7.4.6-1.27.1

php74-dom-7.4.6-1.27.1

php74-enchant-7.4.6-1.27.1

php74-exif-7.4.6-1.27.1

php74-fastcgi-7.4.6-1.27.1

php74-fileinfo-7.4.6-1.27.1

php74-fpm-7.4.6-1.27.1

php74-ftp-7.4.6-1.27.1

php74-gd-7.4.6-1.27.1

php74-gettext-7.4.6-1.27.1

php74-gmp-7.4.6-1.27.1

php74-iconv-7.4.6-1.27.1

php74-intl-7.4.6-1.27.1

php74-json-7.4.6-1.27.1

php74-ldap-7.4.6-1.27.1

php74-mbstring-7.4.6-1.27.1

php74-mysql-7.4.6-1.27.1

php74-odbc-7.4.6-1.27.1

php74-opcache-7.4.6-1.27.1

php74-openssl-7.4.6-1.27.1

php74-pcntl-7.4.6-1.27.1

php74-pdo-7.4.6-1.27.1

php74-pgsql-7.4.6-1.27.1

php74-phar-7.4.6-1.27.1

php74-posix-7.4.6-1.27.1

php74-readline-7.4.6-1.27.1

php74-shmop-7.4.6-1.27.1

php74-snmp-7.4.6-1.27.1

php74-soap-7.4.6-1.27.1

php74-sockets-7.4.6-1.27.1

php74-sodium-7.4.6-1.27.1

php74-sqlite-7.4.6-1.27.1

php74-sysvmsg-7.4.6-1.27.1

php74-sysvsem-7.4.6-1.27.1

php74-sysvshm-7.4.6-1.27.1

php74-tidy-7.4.6-1.27.1

php74-tokenizer-7.4.6-1.27.1

php74-xmlreader-7.4.6-1.27.1

php74-xmlrpc-7.4.6-1.27.1

php74-xmlwriter-7.4.6-1.27.1

php74-xsl-7.4.6-1.27.1

php74-zip-7.4.6-1.27.1

php74-zlib-7.4.6-1.27.1

SUSE Linux Enterprise Software Development Kit 12 SP5

php74-devel-7.4.6-1.27.1

Ссылки

https://www.suse.com/support/update/announcement/2021/suse-su-20213726-1/
Link for SUSE-SU-2021:3726-1
https://lists.suse.com/pipermail/sle-security-updates/2021-November/009743.html
E-Mail link for SUSE-SU-2021:3726-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1192050
SUSE Bug 1192050
https://www.suse.com/security/cve/CVE-2021-21703/
SUSE CVE CVE-2021-21703 page

Описание

In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user.

Затронутые продукты

SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php74-7.4.6-1.27.1

SUSE Linux Enterprise Module for Web and Scripting 12:php74-7.4.6-1.27.1

SUSE Linux Enterprise Module for Web and Scripting 12:php74-bcmath-7.4.6-1.27.1

SUSE Linux Enterprise Module for Web and Scripting 12:php74-bz2-7.4.6-1.27.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-21703.html
CVE-2021-21703
https://bugzilla.suse.com/1192050
SUSE Bug 1192050

SUSE-SU-2021:3726-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Web and Scripting 12

SUSE Linux Enterprise Software Development Kit 12 SP5

Ссылки

Уязвимость: CVE-2021-21703

Описание

Затронутые продукты

Ссылки