exploitDog

SUSE-SU-2022:3957-1

Published: 11 Nov 2022
Source: suse-cvrf

Description

Security update for php72

This update for php72 fixes the following issues:

  • CVE-2022-31628: Fixed an uncontrolled recursion in the phar uncompressor while decompressing 'quines' gzip files. (bsc#1203867)
  • CVE-2022-31629: Fixed a bug which could allow an attacker to set an insecure cookie that will be treated as secure in the victim's browser. (bsc#1203870)

Package list

SUSE Linux Enterprise Module for Web and Scripting 12
apache2-mod_php72-7.2.5-1.84.1
php72-7.2.5-1.84.1
php72-bcmath-7.2.5-1.84.1
php72-bz2-7.2.5-1.84.1
php72-calendar-7.2.5-1.84.1
php72-ctype-7.2.5-1.84.1
php72-curl-7.2.5-1.84.1
php72-dba-7.2.5-1.84.1
php72-dom-7.2.5-1.84.1
php72-enchant-7.2.5-1.84.1
php72-exif-7.2.5-1.84.1
php72-fastcgi-7.2.5-1.84.1
php72-fileinfo-7.2.5-1.84.1
php72-fpm-7.2.5-1.84.1
php72-ftp-7.2.5-1.84.1
php72-gd-7.2.5-1.84.1
php72-gettext-7.2.5-1.84.1
php72-gmp-7.2.5-1.84.1
php72-iconv-7.2.5-1.84.1
php72-imap-7.2.5-1.84.1
php72-intl-7.2.5-1.84.1
php72-json-7.2.5-1.84.1
php72-ldap-7.2.5-1.84.1
php72-mbstring-7.2.5-1.84.1
php72-mysql-7.2.5-1.84.1
php72-odbc-7.2.5-1.84.1
php72-opcache-7.2.5-1.84.1
php72-openssl-7.2.5-1.84.1
php72-pcntl-7.2.5-1.84.1
php72-pdo-7.2.5-1.84.1
php72-pear-7.2.5-1.84.1
php72-pear-Archive_Tar-7.2.5-1.84.1
php72-pgsql-7.2.5-1.84.1
php72-phar-7.2.5-1.84.1
php72-posix-7.2.5-1.84.1
php72-pspell-7.2.5-1.84.1
php72-readline-7.2.5-1.84.1
php72-shmop-7.2.5-1.84.1
php72-snmp-7.2.5-1.84.1
php72-soap-7.2.5-1.84.1
php72-sockets-7.2.5-1.84.1
php72-sodium-7.2.5-1.84.1
php72-sqlite-7.2.5-1.84.1
php72-sysvmsg-7.2.5-1.84.1
php72-sysvsem-7.2.5-1.84.1
php72-sysvshm-7.2.5-1.84.1
php72-tidy-7.2.5-1.84.1
php72-tokenizer-7.2.5-1.84.1
php72-wddx-7.2.5-1.84.1
php72-xmlreader-7.2.5-1.84.1
php72-xmlrpc-7.2.5-1.84.1
php72-xmlwriter-7.2.5-1.84.1
php72-xsl-7.2.5-1.84.1
php72-zip-7.2.5-1.84.1
php72-zlib-7.2.5-1.84.1
SUSE Linux Enterprise Software Development Kit 12 SP5
php72-devel-7.2.5-1.84.1

Description

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop.


Affected products
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php72-7.2.5-1.84.1
SUSE Linux Enterprise Module for Web and Scripting 12:php72-7.2.5-1.84.1
SUSE Linux Enterprise Module for Web and Scripting 12:php72-bcmath-7.2.5-1.84.1
SUSE Linux Enterprise Module for Web and Scripting 12:php72-bz2-7.2.5-1.84.1

Description

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.


Affected products
SUSE Linux Enterprise Module for Web and Scripting 12:apache2-mod_php72-7.2.5-1.84.1
SUSE Linux Enterprise Module for Web and Scripting 12:php72-7.2.5-1.84.1
SUSE Linux Enterprise Module for Web and Scripting 12:php72-bcmath-7.2.5-1.84.1
SUSE Linux Enterprise Module for Web and Scripting 12:php72-bz2-7.2.5-1.84.1
