Описание
Security update for php7
This update for php7 fixes the following issues:
- CVE-2022-31628: Fixed an uncontrolled recursion in the phar uncompressor while decompressing 'quines' gzip files. (bsc#1203867)
- CVE-2022-31629: Fixed a bug which could lead an attacker to set an insecure cookie that will treated as secure in the victim's browser. (bsc#1203870)
Список пакетов
openSUSE Leap 15.4
php7-wddx-7.2.5-150000.4.98.2
Ссылки
- Link for SUSE-SU-2022:3830-1
- E-Mail link for SUSE-SU-2022:3830-1
- SUSE Security Ratings
- SUSE Bug 1203867
- SUSE Bug 1203870
- SUSE CVE CVE-2022-31628 page
- SUSE CVE CVE-2022-31629 page
Описание
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop.
Затронутые продукты
openSUSE Leap 15.4:php7-wddx-7.2.5-150000.4.98.2
Ссылки
- CVE-2022-31628
- SUSE Bug 1203867
Описание
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.
Затронутые продукты
openSUSE Leap 15.4:php7-wddx-7.2.5-150000.4.98.2
Ссылки
- CVE-2022-31629
- SUSE Bug 1203870
- SUSE Bug 1222857