Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2022:0654-1

Опубликовано: 01 мар. 2022
Источник: suse-cvrf

Описание

Security update for php74

This update for php74 fixes the following issues:

  • CVE-2021-21708: Fixed use after free due to php_filter_float() failing for ints (bsc#1196252).

Список пакетов

SUSE Linux Enterprise Module for Web and Scripting 12
apache2-mod_php74-7.4.6-1.36.1
php74-7.4.6-1.36.1
php74-bcmath-7.4.6-1.36.1
php74-bz2-7.4.6-1.36.1
php74-calendar-7.4.6-1.36.1
php74-ctype-7.4.6-1.36.1
php74-curl-7.4.6-1.36.1
php74-dba-7.4.6-1.36.1
php74-dom-7.4.6-1.36.1
php74-enchant-7.4.6-1.36.1
php74-exif-7.4.6-1.36.1
php74-fastcgi-7.4.6-1.36.1
php74-fileinfo-7.4.6-1.36.1
php74-fpm-7.4.6-1.36.1
php74-ftp-7.4.6-1.36.1
php74-gd-7.4.6-1.36.1
php74-gettext-7.4.6-1.36.1
php74-gmp-7.4.6-1.36.1
php74-iconv-7.4.6-1.36.1
php74-intl-7.4.6-1.36.1
php74-json-7.4.6-1.36.1
php74-ldap-7.4.6-1.36.1
php74-mbstring-7.4.6-1.36.1
php74-mysql-7.4.6-1.36.1
php74-odbc-7.4.6-1.36.1
php74-opcache-7.4.6-1.36.1
php74-openssl-7.4.6-1.36.1
php74-pcntl-7.4.6-1.36.1
php74-pdo-7.4.6-1.36.1
php74-pgsql-7.4.6-1.36.1
php74-phar-7.4.6-1.36.1
php74-posix-7.4.6-1.36.1
php74-readline-7.4.6-1.36.1
php74-shmop-7.4.6-1.36.1
php74-snmp-7.4.6-1.36.1
php74-soap-7.4.6-1.36.1
php74-sockets-7.4.6-1.36.1
php74-sodium-7.4.6-1.36.1
php74-sqlite-7.4.6-1.36.1
php74-sysvmsg-7.4.6-1.36.1
php74-sysvsem-7.4.6-1.36.1
php74-sysvshm-7.4.6-1.36.1
php74-tidy-7.4.6-1.36.1
php74-tokenizer-7.4.6-1.36.1
php74-xmlreader-7.4.6-1.36.1
php74-xmlrpc-7.4.6-1.36.1
php74-xmlwriter-7.4.6-1.36.1
php74-xsl-7.4.6-1.36.1
php74-zip-7.4.6-1.36.1
php74-zlib-7.4.6-1.36.1
SUSE Linux Enterprise Software Development Kit 12 SP5
php74-devel-7.4.6-1.36.1

Ссылки

Описание

In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits.

Затронутые продукты
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php74-7.4.6-1.36.1
SUSE Linux Enterprise Module for Web and Scripting 12:php74-7.4.6-1.36.1
SUSE Linux Enterprise Module for Web and Scripting 12:php74-bcmath-7.4.6-1.36.1
SUSE Linux Enterprise Module for Web and Scripting 12:php74-bz2-7.4.6-1.36.1
Ссылки