Описание
Security update for php7
This update for php7 fixes the following issues:
- CVE-2021-21707: Fixed a special character breaks path in xml parsing. (bsc#1193041)
- CVE-2022-31625: Fixed uninitialized pointers free in Postgres extension. (bsc#1200645)
- CVE-2022-31626: Fixed buffer overflow via user-supplied password when using pdo_mysql extension with mysqlnd driver. (bsc#1200628)
Список пакетов
SUSE Linux Enterprise Module for Legacy 15 SP4
apache2-mod_php7-7.4.25-150400.4.8.1
php7-7.4.25-150400.4.8.1
php7-bcmath-7.4.25-150400.4.8.1
php7-bz2-7.4.25-150400.4.8.1
php7-calendar-7.4.25-150400.4.8.1
php7-cli-7.4.25-150400.4.8.1
php7-ctype-7.4.25-150400.4.8.1
php7-curl-7.4.25-150400.4.8.1
php7-dba-7.4.25-150400.4.8.1
php7-devel-7.4.25-150400.4.8.1
php7-dom-7.4.25-150400.4.8.1
php7-enchant-7.4.25-150400.4.8.1
php7-exif-7.4.25-150400.4.8.1
php7-fastcgi-7.4.25-150400.4.8.1
php7-fileinfo-7.4.25-150400.4.8.1
php7-fpm-7.4.25-150400.4.8.1
php7-ftp-7.4.25-150400.4.8.1
php7-gd-7.4.25-150400.4.8.1
php7-gettext-7.4.25-150400.4.8.1
php7-gmp-7.4.25-150400.4.8.1
php7-iconv-7.4.25-150400.4.8.1
php7-intl-7.4.25-150400.4.8.1
php7-json-7.4.25-150400.4.8.1
php7-ldap-7.4.25-150400.4.8.1
php7-mbstring-7.4.25-150400.4.8.1
php7-mysql-7.4.25-150400.4.8.1
php7-odbc-7.4.25-150400.4.8.1
php7-opcache-7.4.25-150400.4.8.1
php7-openssl-7.4.25-150400.4.8.1
php7-pcntl-7.4.25-150400.4.8.1
php7-pdo-7.4.25-150400.4.8.1
php7-pgsql-7.4.25-150400.4.8.1
php7-phar-7.4.25-150400.4.8.1
php7-posix-7.4.25-150400.4.8.1
php7-readline-7.4.25-150400.4.8.1
php7-shmop-7.4.25-150400.4.8.1
php7-snmp-7.4.25-150400.4.8.1
php7-soap-7.4.25-150400.4.8.1
php7-sockets-7.4.25-150400.4.8.1
php7-sodium-7.4.25-150400.4.8.1
php7-sqlite-7.4.25-150400.4.8.1
php7-sysvmsg-7.4.25-150400.4.8.1
php7-sysvsem-7.4.25-150400.4.8.1
php7-sysvshm-7.4.25-150400.4.8.1
php7-tidy-7.4.25-150400.4.8.1
php7-tokenizer-7.4.25-150400.4.8.1
php7-xmlreader-7.4.25-150400.4.8.1
php7-xmlrpc-7.4.25-150400.4.8.1
php7-xmlwriter-7.4.25-150400.4.8.1
php7-xsl-7.4.25-150400.4.8.1
php7-zip-7.4.25-150400.4.8.1
php7-zlib-7.4.25-150400.4.8.1
SUSE Linux Enterprise Module for Package Hub 15 SP4
php7-embed-7.4.25-150400.4.8.1
openSUSE Leap 15.4
apache2-mod_php7-7.4.25-150400.4.8.1
php7-7.4.25-150400.4.8.1
php7-bcmath-7.4.25-150400.4.8.1
php7-bz2-7.4.25-150400.4.8.1
php7-calendar-7.4.25-150400.4.8.1
php7-cli-7.4.25-150400.4.8.1
php7-ctype-7.4.25-150400.4.8.1
php7-curl-7.4.25-150400.4.8.1
php7-dba-7.4.25-150400.4.8.1
php7-devel-7.4.25-150400.4.8.1
php7-dom-7.4.25-150400.4.8.1
php7-embed-7.4.25-150400.4.8.1
php7-enchant-7.4.25-150400.4.8.1
php7-exif-7.4.25-150400.4.8.1
php7-fastcgi-7.4.25-150400.4.8.1
php7-fileinfo-7.4.25-150400.4.8.1
php7-fpm-7.4.25-150400.4.8.1
php7-ftp-7.4.25-150400.4.8.1
php7-gd-7.4.25-150400.4.8.1
php7-gettext-7.4.25-150400.4.8.1
php7-gmp-7.4.25-150400.4.8.1
php7-iconv-7.4.25-150400.4.8.1
php7-intl-7.4.25-150400.4.8.1
php7-json-7.4.25-150400.4.8.1
php7-ldap-7.4.25-150400.4.8.1
php7-mbstring-7.4.25-150400.4.8.1
php7-mysql-7.4.25-150400.4.8.1
php7-odbc-7.4.25-150400.4.8.1
php7-opcache-7.4.25-150400.4.8.1
php7-openssl-7.4.25-150400.4.8.1
php7-pcntl-7.4.25-150400.4.8.1
php7-pdo-7.4.25-150400.4.8.1
php7-pgsql-7.4.25-150400.4.8.1
php7-phar-7.4.25-150400.4.8.1
php7-posix-7.4.25-150400.4.8.1
php7-readline-7.4.25-150400.4.8.1
php7-shmop-7.4.25-150400.4.8.1
php7-snmp-7.4.25-150400.4.8.1
php7-soap-7.4.25-150400.4.8.1
php7-sockets-7.4.25-150400.4.8.1
php7-sodium-7.4.25-150400.4.8.1
php7-sqlite-7.4.25-150400.4.8.1
php7-sysvmsg-7.4.25-150400.4.8.1
php7-sysvsem-7.4.25-150400.4.8.1
php7-sysvshm-7.4.25-150400.4.8.1
php7-test-7.4.25-150400.4.8.1
php7-tidy-7.4.25-150400.4.8.1
php7-tokenizer-7.4.25-150400.4.8.1
php7-xmlreader-7.4.25-150400.4.8.1
php7-xmlrpc-7.4.25-150400.4.8.1
php7-xmlwriter-7.4.25-150400.4.8.1
php7-xsl-7.4.25-150400.4.8.1
php7-zip-7.4.25-150400.4.8.1
php7-zlib-7.4.25-150400.4.8.1
Ссылки
- Link for SUSE-SU-2022:2292-1
- E-Mail link for SUSE-SU-2022:2292-1
- SUSE Security Ratings
- SUSE Bug 1193041
- SUSE Bug 1200628
- SUSE Bug 1200645
- SUSE CVE CVE-2021-21707 page
- SUSE CVE CVE-2022-31625 page
- SUSE CVE CVE-2022-31626 page
Описание
In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended.
Затронутые продукты
SUSE Linux Enterprise Module for Legacy 15 SP4:apache2-mod_php7-7.4.25-150400.4.8.1
SUSE Linux Enterprise Module for Legacy 15 SP4:php7-7.4.25-150400.4.8.1
SUSE Linux Enterprise Module for Legacy 15 SP4:php7-bcmath-7.4.25-150400.4.8.1
SUSE Linux Enterprise Module for Legacy 15 SP4:php7-bz2-7.4.25-150400.4.8.1
Ссылки
- CVE-2021-21707
- SUSE Bug 1193041
Описание
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service.
Затронутые продукты
SUSE Linux Enterprise Module for Legacy 15 SP4:apache2-mod_php7-7.4.25-150400.4.8.1
SUSE Linux Enterprise Module for Legacy 15 SP4:php7-7.4.25-150400.4.8.1
SUSE Linux Enterprise Module for Legacy 15 SP4:php7-bcmath-7.4.25-150400.4.8.1
SUSE Linux Enterprise Module for Legacy 15 SP4:php7-bz2-7.4.25-150400.4.8.1
Ссылки
- CVE-2022-31625
- SUSE Bug 1200645
Описание
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability.
Затронутые продукты
SUSE Linux Enterprise Module for Legacy 15 SP4:apache2-mod_php7-7.4.25-150400.4.8.1
SUSE Linux Enterprise Module for Legacy 15 SP4:php7-7.4.25-150400.4.8.1
SUSE Linux Enterprise Module for Legacy 15 SP4:php7-bcmath-7.4.25-150400.4.8.1
SUSE Linux Enterprise Module for Legacy 15 SP4:php7-bz2-7.4.25-150400.4.8.1
Ссылки
- CVE-2022-31626
- SUSE Bug 1200628