Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2022:3997-1

Опубликовано: 15 нояб. 2022
Источник: suse-cvrf

Описание

Security update for php7

This update for php7 fixes the following issues:

  • Version update to 7.4.33:

  • CVE-2022-31630: Fixed out-of-bounds read due to insufficient input validation in imageloadfont() (bsc#1204979).

  • CVE-2022-37454: Fixed buffer overflow in hash_update() on long parameter (bsc#1204577).

  • Version update to 7.4.32 (jsc#SLE-23639)

  • CVE-2022-31628: Fixed an uncontrolled recursion in the phar uncompressor while decompressing 'quines' gzip files. (bsc#1203867)

  • CVE-2022-31629: Fixed a bug which could lead an attacker to set an insecure cookie that will treated as secure in the victim's browser. (bsc#1203870)

Список пакетов

SUSE Linux Enterprise Module for Legacy 15 SP4
apache2-mod_php7-7.4.33-150400.4.13.1
php7-7.4.33-150400.4.13.1
php7-bcmath-7.4.33-150400.4.13.1
php7-bz2-7.4.33-150400.4.13.1
php7-calendar-7.4.33-150400.4.13.1
php7-cli-7.4.33-150400.4.13.1
php7-ctype-7.4.33-150400.4.13.1
php7-curl-7.4.33-150400.4.13.1
php7-dba-7.4.33-150400.4.13.1
php7-devel-7.4.33-150400.4.13.1
php7-dom-7.4.33-150400.4.13.1
php7-enchant-7.4.33-150400.4.13.1
php7-exif-7.4.33-150400.4.13.1
php7-fastcgi-7.4.33-150400.4.13.1
php7-fileinfo-7.4.33-150400.4.13.1
php7-fpm-7.4.33-150400.4.13.1
php7-ftp-7.4.33-150400.4.13.1
php7-gd-7.4.33-150400.4.13.1
php7-gettext-7.4.33-150400.4.13.1
php7-gmp-7.4.33-150400.4.13.1
php7-iconv-7.4.33-150400.4.13.1
php7-intl-7.4.33-150400.4.13.1
php7-json-7.4.33-150400.4.13.1
php7-ldap-7.4.33-150400.4.13.1
php7-mbstring-7.4.33-150400.4.13.1
php7-mysql-7.4.33-150400.4.13.1
php7-odbc-7.4.33-150400.4.13.1
php7-opcache-7.4.33-150400.4.13.1
php7-openssl-7.4.33-150400.4.13.1
php7-pcntl-7.4.33-150400.4.13.1
php7-pdo-7.4.33-150400.4.13.1
php7-pgsql-7.4.33-150400.4.13.1
php7-phar-7.4.33-150400.4.13.1
php7-posix-7.4.33-150400.4.13.1
php7-readline-7.4.33-150400.4.13.1
php7-shmop-7.4.33-150400.4.13.1
php7-snmp-7.4.33-150400.4.13.1
php7-soap-7.4.33-150400.4.13.1
php7-sockets-7.4.33-150400.4.13.1
php7-sodium-7.4.33-150400.4.13.1
php7-sqlite-7.4.33-150400.4.13.1
php7-sysvmsg-7.4.33-150400.4.13.1
php7-sysvsem-7.4.33-150400.4.13.1
php7-sysvshm-7.4.33-150400.4.13.1
php7-tidy-7.4.33-150400.4.13.1
php7-tokenizer-7.4.33-150400.4.13.1
php7-xmlreader-7.4.33-150400.4.13.1
php7-xmlrpc-7.4.33-150400.4.13.1
php7-xmlwriter-7.4.33-150400.4.13.1
php7-xsl-7.4.33-150400.4.13.1
php7-zip-7.4.33-150400.4.13.1
php7-zlib-7.4.33-150400.4.13.1
SUSE Linux Enterprise Module for Package Hub 15 SP4
php7-embed-7.4.33-150400.4.13.1
openSUSE Leap 15.4
apache2-mod_php7-7.4.33-150400.4.13.1
php7-7.4.33-150400.4.13.1
php7-bcmath-7.4.33-150400.4.13.1
php7-bz2-7.4.33-150400.4.13.1
php7-calendar-7.4.33-150400.4.13.1
php7-cli-7.4.33-150400.4.13.1
php7-ctype-7.4.33-150400.4.13.1
php7-curl-7.4.33-150400.4.13.1
php7-dba-7.4.33-150400.4.13.1
php7-devel-7.4.33-150400.4.13.1
php7-dom-7.4.33-150400.4.13.1
php7-embed-7.4.33-150400.4.13.1
php7-enchant-7.4.33-150400.4.13.1
php7-exif-7.4.33-150400.4.13.1
php7-fastcgi-7.4.33-150400.4.13.1
php7-fileinfo-7.4.33-150400.4.13.1
php7-fpm-7.4.33-150400.4.13.1
php7-ftp-7.4.33-150400.4.13.1
php7-gd-7.4.33-150400.4.13.1
php7-gettext-7.4.33-150400.4.13.1
php7-gmp-7.4.33-150400.4.13.1
php7-iconv-7.4.33-150400.4.13.1
php7-intl-7.4.33-150400.4.13.1
php7-json-7.4.33-150400.4.13.1
php7-ldap-7.4.33-150400.4.13.1
php7-mbstring-7.4.33-150400.4.13.1
php7-mysql-7.4.33-150400.4.13.1
php7-odbc-7.4.33-150400.4.13.1
php7-opcache-7.4.33-150400.4.13.1
php7-openssl-7.4.33-150400.4.13.1
php7-pcntl-7.4.33-150400.4.13.1
php7-pdo-7.4.33-150400.4.13.1
php7-pgsql-7.4.33-150400.4.13.1
php7-phar-7.4.33-150400.4.13.1
php7-posix-7.4.33-150400.4.13.1
php7-readline-7.4.33-150400.4.13.1
php7-shmop-7.4.33-150400.4.13.1
php7-snmp-7.4.33-150400.4.13.1
php7-soap-7.4.33-150400.4.13.1
php7-sockets-7.4.33-150400.4.13.1
php7-sodium-7.4.33-150400.4.13.1
php7-sqlite-7.4.33-150400.4.13.1
php7-sysvmsg-7.4.33-150400.4.13.1
php7-sysvsem-7.4.33-150400.4.13.1
php7-sysvshm-7.4.33-150400.4.13.1
php7-test-7.4.33-150400.4.13.2
php7-tidy-7.4.33-150400.4.13.1
php7-tokenizer-7.4.33-150400.4.13.1
php7-xmlreader-7.4.33-150400.4.13.1
php7-xmlrpc-7.4.33-150400.4.13.1
php7-xmlwriter-7.4.33-150400.4.13.1
php7-xsl-7.4.33-150400.4.13.1
php7-zip-7.4.33-150400.4.13.1
php7-zlib-7.4.33-150400.4.13.1

Ссылки

Описание

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended.

Затронутые продукты
SUSE Linux Enterprise Module for Legacy 15 SP4:apache2-mod_php7-7.4.33-150400.4.13.1
SUSE Linux Enterprise Module for Legacy 15 SP4:php7-7.4.33-150400.4.13.1
SUSE Linux Enterprise Module for Legacy 15 SP4:php7-bcmath-7.4.33-150400.4.13.1
SUSE Linux Enterprise Module for Legacy 15 SP4:php7-bz2-7.4.33-150400.4.13.1
Ссылки

Описание

In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits.

Затронутые продукты
SUSE Linux Enterprise Module for Legacy 15 SP4:apache2-mod_php7-7.4.33-150400.4.13.1
SUSE Linux Enterprise Module for Legacy 15 SP4:php7-7.4.33-150400.4.13.1
SUSE Linux Enterprise Module for Legacy 15 SP4:php7-bcmath-7.4.33-150400.4.13.1
SUSE Linux Enterprise Module for Legacy 15 SP4:php7-bz2-7.4.33-150400.4.13.1
Ссылки

Описание

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service.

Затронутые продукты
SUSE Linux Enterprise Module for Legacy 15 SP4:apache2-mod_php7-7.4.33-150400.4.13.1
SUSE Linux Enterprise Module for Legacy 15 SP4:php7-7.4.33-150400.4.13.1
SUSE Linux Enterprise Module for Legacy 15 SP4:php7-bcmath-7.4.33-150400.4.13.1
SUSE Linux Enterprise Module for Legacy 15 SP4:php7-bz2-7.4.33-150400.4.13.1
Ссылки

Описание

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability.

Затронутые продукты
SUSE Linux Enterprise Module for Legacy 15 SP4:apache2-mod_php7-7.4.33-150400.4.13.1
SUSE Linux Enterprise Module for Legacy 15 SP4:php7-7.4.33-150400.4.13.1
SUSE Linux Enterprise Module for Legacy 15 SP4:php7-bcmath-7.4.33-150400.4.13.1
SUSE Linux Enterprise Module for Legacy 15 SP4:php7-bz2-7.4.33-150400.4.13.1
Ссылки

Описание

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop.

Затронутые продукты
SUSE Linux Enterprise Module for Legacy 15 SP4:apache2-mod_php7-7.4.33-150400.4.13.1
SUSE Linux Enterprise Module for Legacy 15 SP4:php7-7.4.33-150400.4.13.1
SUSE Linux Enterprise Module for Legacy 15 SP4:php7-bcmath-7.4.33-150400.4.13.1
SUSE Linux Enterprise Module for Legacy 15 SP4:php7-bz2-7.4.33-150400.4.13.1
Ссылки

Описание

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.

Затронутые продукты
SUSE Linux Enterprise Module for Legacy 15 SP4:apache2-mod_php7-7.4.33-150400.4.13.1
SUSE Linux Enterprise Module for Legacy 15 SP4:php7-7.4.33-150400.4.13.1
SUSE Linux Enterprise Module for Legacy 15 SP4:php7-bcmath-7.4.33-150400.4.13.1
SUSE Linux Enterprise Module for Legacy 15 SP4:php7-bz2-7.4.33-150400.4.13.1
Ссылки

Описание

In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information.

Затронутые продукты
SUSE Linux Enterprise Module for Legacy 15 SP4:apache2-mod_php7-7.4.33-150400.4.13.1
SUSE Linux Enterprise Module for Legacy 15 SP4:php7-7.4.33-150400.4.13.1
SUSE Linux Enterprise Module for Legacy 15 SP4:php7-bcmath-7.4.33-150400.4.13.1
SUSE Linux Enterprise Module for Legacy 15 SP4:php7-bz2-7.4.33-150400.4.13.1
Ссылки

Описание

The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.

Затронутые продукты
SUSE Linux Enterprise Module for Legacy 15 SP4:apache2-mod_php7-7.4.33-150400.4.13.1
SUSE Linux Enterprise Module for Legacy 15 SP4:php7-7.4.33-150400.4.13.1
SUSE Linux Enterprise Module for Legacy 15 SP4:php7-bcmath-7.4.33-150400.4.13.1
SUSE Linux Enterprise Module for Legacy 15 SP4:php7-bz2-7.4.33-150400.4.13.1
Ссылки
Уязвимость SUSE-SU-2022:3997-1