Описание
Security update for php72
This update for php72 fixes the following issues:
- CVE-2022-31625: Fixed uninitialized pointers free in Postgres extension. (bsc#1200645)
- CVE-2022-31626: Fixed buffer overflow via user-supplied password when using pdo_mysql extension with mysqlnd driver. (bsc#1200628)
Список пакетов
SUSE Linux Enterprise Module for Web and Scripting 12
apache2-mod_php72-7.2.5-1.81.1
php72-7.2.5-1.81.1
php72-bcmath-7.2.5-1.81.1
php72-bz2-7.2.5-1.81.1
php72-calendar-7.2.5-1.81.1
php72-ctype-7.2.5-1.81.1
php72-curl-7.2.5-1.81.1
php72-dba-7.2.5-1.81.1
php72-dom-7.2.5-1.81.1
php72-enchant-7.2.5-1.81.1
php72-exif-7.2.5-1.81.1
php72-fastcgi-7.2.5-1.81.1
php72-fileinfo-7.2.5-1.81.1
php72-fpm-7.2.5-1.81.1
php72-ftp-7.2.5-1.81.1
php72-gd-7.2.5-1.81.1
php72-gettext-7.2.5-1.81.1
php72-gmp-7.2.5-1.81.1
php72-iconv-7.2.5-1.81.1
php72-imap-7.2.5-1.81.1
php72-intl-7.2.5-1.81.1
php72-json-7.2.5-1.81.1
php72-ldap-7.2.5-1.81.1
php72-mbstring-7.2.5-1.81.1
php72-mysql-7.2.5-1.81.1
php72-odbc-7.2.5-1.81.1
php72-opcache-7.2.5-1.81.1
php72-openssl-7.2.5-1.81.1
php72-pcntl-7.2.5-1.81.1
php72-pdo-7.2.5-1.81.1
php72-pear-7.2.5-1.81.1
php72-pear-Archive_Tar-7.2.5-1.81.1
php72-pgsql-7.2.5-1.81.1
php72-phar-7.2.5-1.81.1
php72-posix-7.2.5-1.81.1
php72-pspell-7.2.5-1.81.1
php72-readline-7.2.5-1.81.1
php72-shmop-7.2.5-1.81.1
php72-snmp-7.2.5-1.81.1
php72-soap-7.2.5-1.81.1
php72-sockets-7.2.5-1.81.1
php72-sodium-7.2.5-1.81.1
php72-sqlite-7.2.5-1.81.1
php72-sysvmsg-7.2.5-1.81.1
php72-sysvsem-7.2.5-1.81.1
php72-sysvshm-7.2.5-1.81.1
php72-tidy-7.2.5-1.81.1
php72-tokenizer-7.2.5-1.81.1
php72-wddx-7.2.5-1.81.1
php72-xmlreader-7.2.5-1.81.1
php72-xmlrpc-7.2.5-1.81.1
php72-xmlwriter-7.2.5-1.81.1
php72-xsl-7.2.5-1.81.1
php72-zip-7.2.5-1.81.1
php72-zlib-7.2.5-1.81.1
SUSE Linux Enterprise Software Development Kit 12 SP5
php72-devel-7.2.5-1.81.1
Ссылки
- Link for SUSE-SU-2022:2183-1
- E-Mail link for SUSE-SU-2022:2183-1
- SUSE Security Ratings
- SUSE Bug 1200628
- SUSE Bug 1200645
- SUSE CVE CVE-2022-31625 page
- SUSE CVE CVE-2022-31626 page
Описание
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service.
Затронутые продукты
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php72-7.2.5-1.81.1
SUSE Linux Enterprise Module for Web and Scripting 12:php72-7.2.5-1.81.1
SUSE Linux Enterprise Module for Web and Scripting 12:php72-bcmath-7.2.5-1.81.1
SUSE Linux Enterprise Module for Web and Scripting 12:php72-bz2-7.2.5-1.81.1
Ссылки
- CVE-2022-31625
- SUSE Bug 1200645
Описание
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability.
Затронутые продукты
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php72-7.2.5-1.81.1
SUSE Linux Enterprise Module for Web and Scripting 12:php72-7.2.5-1.81.1
SUSE Linux Enterprise Module for Web and Scripting 12:php72-bcmath-7.2.5-1.81.1
SUSE Linux Enterprise Module for Web and Scripting 12:php72-bz2-7.2.5-1.81.1
Ссылки
- CVE-2022-31626
- SUSE Bug 1200628