SUSE-SU-2022:2303-1

Published: 06 Jul 2022
Source: suse-cvrf

Description

Security update for php8

This update for php8 fixes the following issues:

  • CVE-2021-21707: Fixed a special character that breaks path in xml parsing. (bsc#1193041)
  • CVE-2022-31625: Fixed uninitialized pointers free in Postgres extension. (bsc#1200645)
  • CVE-2022-31626: Fixed buffer overflow via user-supplied password when using pdo_mysql extension with mysqlnd driver. (bsc#1200628)

Package list

Container bci/php-apache:8
apache2-mod_php8-8.0.10-150400.4.8.1
php8-8.0.10-150400.4.8.1
php8-cli-8.0.10-150400.4.8.1
php8-curl-8.0.10-150400.4.8.1
php8-mbstring-8.0.10-150400.4.8.1
php8-openssl-8.0.10-150400.4.8.1
php8-phar-8.0.10-150400.4.8.1
php8-zip-8.0.10-150400.4.8.1
php8-zlib-8.0.10-150400.4.8.1
Container bci/php-apache:latest
apache2-mod_php8-8.0.10-150400.4.8.1
php8-8.0.10-150400.4.8.1
php8-cli-8.0.10-150400.4.8.1
php8-curl-8.0.10-150400.4.8.1
php8-mbstring-8.0.10-150400.4.8.1
php8-openssl-8.0.10-150400.4.8.1
php8-phar-8.0.10-150400.4.8.1
php8-zip-8.0.10-150400.4.8.1
php8-zlib-8.0.10-150400.4.8.1
Container bci/php-fpm:8
php8-8.0.10-150400.4.8.1
php8-cli-8.0.10-150400.4.8.1
php8-curl-8.0.10-150400.4.8.1
php8-fpm-8.0.10-150400.4.8.1
php8-mbstring-8.0.10-150400.4.8.1
php8-openssl-8.0.10-150400.4.8.1
php8-phar-8.0.10-150400.4.8.1
php8-zip-8.0.10-150400.4.8.1
php8-zlib-8.0.10-150400.4.8.1
Container bci/php-fpm:latest
php8-8.0.10-150400.4.8.1
php8-cli-8.0.10-150400.4.8.1
php8-curl-8.0.10-150400.4.8.1
php8-fpm-8.0.10-150400.4.8.1
php8-mbstring-8.0.10-150400.4.8.1
php8-openssl-8.0.10-150400.4.8.1
php8-phar-8.0.10-150400.4.8.1
php8-zip-8.0.10-150400.4.8.1
php8-zlib-8.0.10-150400.4.8.1
Container bci/php:8
php8-8.0.10-150400.4.8.1
php8-cli-8.0.10-150400.4.8.1
php8-curl-8.0.10-150400.4.8.1
php8-mbstring-8.0.10-150400.4.8.1
php8-openssl-8.0.10-150400.4.8.1
php8-phar-8.0.10-150400.4.8.1
php8-zip-8.0.10-150400.4.8.1
php8-zlib-8.0.10-150400.4.8.1
Container bci/php:latest
php8-8.0.10-150400.4.8.1
php8-cli-8.0.10-150400.4.8.1
php8-curl-8.0.10-150400.4.8.1
php8-mbstring-8.0.10-150400.4.8.1
php8-openssl-8.0.10-150400.4.8.1
php8-phar-8.0.10-150400.4.8.1
php8-readline-8.0.10-150400.4.8.1
php8-zip-8.0.10-150400.4.8.1
php8-zlib-8.0.10-150400.4.8.1
SUSE Linux Enterprise Module for Web and Scripting 15 SP4
apache2-mod_php8-8.0.10-150400.4.8.1
php8-8.0.10-150400.4.8.1
php8-bcmath-8.0.10-150400.4.8.1
php8-bz2-8.0.10-150400.4.8.1
php8-calendar-8.0.10-150400.4.8.1
php8-cli-8.0.10-150400.4.8.1
php8-ctype-8.0.10-150400.4.8.1
php8-curl-8.0.10-150400.4.8.1
php8-dba-8.0.10-150400.4.8.1
php8-devel-8.0.10-150400.4.8.1
php8-dom-8.0.10-150400.4.8.1
php8-embed-8.0.10-150400.4.8.1
php8-enchant-8.0.10-150400.4.8.1
php8-exif-8.0.10-150400.4.8.1
php8-fastcgi-8.0.10-150400.4.8.1
php8-fileinfo-8.0.10-150400.4.8.1
php8-fpm-8.0.10-150400.4.8.1
php8-ftp-8.0.10-150400.4.8.1
php8-gd-8.0.10-150400.4.8.1
php8-gettext-8.0.10-150400.4.8.1
php8-gmp-8.0.10-150400.4.8.1
php8-iconv-8.0.10-150400.4.8.1
php8-intl-8.0.10-150400.4.8.1
php8-ldap-8.0.10-150400.4.8.1
php8-mbstring-8.0.10-150400.4.8.1
php8-mysql-8.0.10-150400.4.8.1
php8-odbc-8.0.10-150400.4.8.1
php8-opcache-8.0.10-150400.4.8.1
php8-openssl-8.0.10-150400.4.8.1
php8-pcntl-8.0.10-150400.4.8.1
php8-pdo-8.0.10-150400.4.8.1
php8-pgsql-8.0.10-150400.4.8.1
php8-phar-8.0.10-150400.4.8.1
php8-posix-8.0.10-150400.4.8.1
php8-readline-8.0.10-150400.4.8.1
php8-shmop-8.0.10-150400.4.8.1
php8-snmp-8.0.10-150400.4.8.1
php8-soap-8.0.10-150400.4.8.1
php8-sockets-8.0.10-150400.4.8.1
php8-sodium-8.0.10-150400.4.8.1
php8-sqlite-8.0.10-150400.4.8.1
php8-sysvmsg-8.0.10-150400.4.8.1
php8-sysvsem-8.0.10-150400.4.8.1
php8-sysvshm-8.0.10-150400.4.8.1
php8-test-8.0.10-150400.4.8.1
php8-tidy-8.0.10-150400.4.8.1
php8-tokenizer-8.0.10-150400.4.8.1
php8-xmlreader-8.0.10-150400.4.8.1
php8-xmlwriter-8.0.10-150400.4.8.1
php8-xsl-8.0.10-150400.4.8.1
php8-zip-8.0.10-150400.4.8.1
php8-zlib-8.0.10-150400.4.8.1
openSUSE Leap 15.4
apache2-mod_php8-8.0.10-150400.4.8.1
php8-8.0.10-150400.4.8.1
php8-bcmath-8.0.10-150400.4.8.1
php8-bz2-8.0.10-150400.4.8.1
php8-calendar-8.0.10-150400.4.8.1
php8-cli-8.0.10-150400.4.8.1
php8-ctype-8.0.10-150400.4.8.1
php8-curl-8.0.10-150400.4.8.1
php8-dba-8.0.10-150400.4.8.1
php8-devel-8.0.10-150400.4.8.1
php8-dom-8.0.10-150400.4.8.1
php8-embed-8.0.10-150400.4.8.1
php8-enchant-8.0.10-150400.4.8.1
php8-exif-8.0.10-150400.4.8.1
php8-fastcgi-8.0.10-150400.4.8.1
php8-fileinfo-8.0.10-150400.4.8.1
php8-fpm-8.0.10-150400.4.8.1
php8-ftp-8.0.10-150400.4.8.1
php8-gd-8.0.10-150400.4.8.1
php8-gettext-8.0.10-150400.4.8.1
php8-gmp-8.0.10-150400.4.8.1
php8-iconv-8.0.10-150400.4.8.1
php8-intl-8.0.10-150400.4.8.1
php8-ldap-8.0.10-150400.4.8.1
php8-mbstring-8.0.10-150400.4.8.1
php8-mysql-8.0.10-150400.4.8.1
php8-odbc-8.0.10-150400.4.8.1
php8-opcache-8.0.10-150400.4.8.1
php8-openssl-8.0.10-150400.4.8.1
php8-pcntl-8.0.10-150400.4.8.1
php8-pdo-8.0.10-150400.4.8.1
php8-pgsql-8.0.10-150400.4.8.1
php8-phar-8.0.10-150400.4.8.1
php8-posix-8.0.10-150400.4.8.1
php8-readline-8.0.10-150400.4.8.1
php8-shmop-8.0.10-150400.4.8.1
php8-snmp-8.0.10-150400.4.8.1
php8-soap-8.0.10-150400.4.8.1
php8-sockets-8.0.10-150400.4.8.1
php8-sodium-8.0.10-150400.4.8.1
php8-sqlite-8.0.10-150400.4.8.1
php8-sysvmsg-8.0.10-150400.4.8.1
php8-sysvsem-8.0.10-150400.4.8.1
php8-sysvshm-8.0.10-150400.4.8.1
php8-test-8.0.10-150400.4.8.1
php8-tidy-8.0.10-150400.4.8.1
php8-tokenizer-8.0.10-150400.4.8.1
php8-xmlreader-8.0.10-150400.4.8.1
php8-xmlwriter-8.0.10-150400.4.8.1
php8-xsl-8.0.10-150400.4.8.1
php8-zip-8.0.10-150400.4.8.1
php8-zlib-8.0.10-150400.4.8.1

Description

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains a URL-encoded NUL character, the function may interpret it as the end of the filename and so read a different file than the user intended.


Affected products
Container bci/php-apache:8:apache2-mod_php8-8.0.10-150400.4.8.1
Container bci/php-apache:8:php8-8.0.10-150400.4.8.1
Container bci/php-apache:8:php8-cli-8.0.10-150400.4.8.1
Container bci/php-apache:8:php8-curl-8.0.10-150400.4.8.1

Description

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using the Postgres database extension, supplying invalid parameters to a parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to remote code execution or denial of service.


Affected products
Container bci/php-apache:8:apache2-mod_php8-8.0.10-150400.4.8.1
Container bci/php-apache:8:php8-8.0.10-150400.4.8.1
Container bci/php-apache:8:php8-cli-8.0.10-150400.4.8.1
Container bci/php-apache:8:php8-curl-8.0.10-150400.4.8.1

Description

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using the pdo_mysql extension with the mysqlnd driver, if a third party is allowed to supply the host to connect to and the password for the connection, a password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability.


Affected products
Container bci/php-apache:8:apache2-mod_php8-8.0.10-150400.4.8.1
Container bci/php-apache:8:php8-8.0.10-150400.4.8.1
Container bci/php-apache:8:php8-cli-8.0.10-150400.4.8.1
Container bci/php-apache:8:php8-curl-8.0.10-150400.4.8.1
