
SUSE-SU-2022:4005-1

Published: 15 Nov 2022
Source: suse-cvrf

Description

Security update for php8

This update for php8 fixes the following issues:

  • CVE-2022-37454: Fixed buffer overflow in hash_update() on long parameter (bug#81738) (bsc#1204577).

  • CVE-2022-31630: Fixed OOB read due to insufficient input validation in imageloadfont() (bug#81739) (bsc#1204979).

  • Version update to 8.0.25 (27 Oct 2022):

    • Session: Fixed bug GH-9583 (session_create_id() fails with user defined save handler that doesn't have a validateId() method).
    • Streams: Fixed bug GH-9590 (stream_select does not abort upon exception or empty valid fd set).

Package list

Container bci/php-apache:8
apache2-mod_php8-8.0.25-150400.4.17.1
php8-8.0.25-150400.4.17.1
php8-cli-8.0.25-150400.4.17.1
php8-curl-8.0.25-150400.4.17.1
php8-mbstring-8.0.25-150400.4.17.1
php8-openssl-8.0.25-150400.4.17.1
php8-phar-8.0.25-150400.4.17.1
php8-zip-8.0.25-150400.4.17.1
php8-zlib-8.0.25-150400.4.17.1
Container bci/php-apache:latest
apache2-mod_php8-8.0.25-150400.4.17.1
php8-8.0.25-150400.4.17.1
php8-cli-8.0.25-150400.4.17.1
php8-curl-8.0.25-150400.4.17.1
php8-mbstring-8.0.25-150400.4.17.1
php8-openssl-8.0.25-150400.4.17.1
php8-phar-8.0.25-150400.4.17.1
php8-zip-8.0.25-150400.4.17.1
php8-zlib-8.0.25-150400.4.17.1
Container bci/php-fpm:8
php8-8.0.25-150400.4.17.1
php8-cli-8.0.25-150400.4.17.1
php8-curl-8.0.25-150400.4.17.1
php8-fpm-8.0.25-150400.4.17.1
php8-mbstring-8.0.25-150400.4.17.1
php8-openssl-8.0.25-150400.4.17.1
php8-phar-8.0.25-150400.4.17.1
php8-zip-8.0.25-150400.4.17.1
php8-zlib-8.0.25-150400.4.17.1
Container bci/php-fpm:latest
php8-8.0.25-150400.4.17.1
php8-cli-8.0.25-150400.4.17.1
php8-curl-8.0.25-150400.4.17.1
php8-fpm-8.0.25-150400.4.17.1
php8-mbstring-8.0.25-150400.4.17.1
php8-openssl-8.0.25-150400.4.17.1
php8-phar-8.0.25-150400.4.17.1
php8-zip-8.0.25-150400.4.17.1
php8-zlib-8.0.25-150400.4.17.1
Container bci/php:8
php8-8.0.25-150400.4.17.1
php8-cli-8.0.25-150400.4.17.1
php8-curl-8.0.25-150400.4.17.1
php8-mbstring-8.0.25-150400.4.17.1
php8-openssl-8.0.25-150400.4.17.1
php8-phar-8.0.25-150400.4.17.1
php8-zip-8.0.25-150400.4.17.1
php8-zlib-8.0.25-150400.4.17.1
Container bci/php:latest
php8-8.0.25-150400.4.17.1
php8-cli-8.0.25-150400.4.17.1
php8-curl-8.0.25-150400.4.17.1
php8-mbstring-8.0.25-150400.4.17.1
php8-openssl-8.0.25-150400.4.17.1
php8-phar-8.0.25-150400.4.17.1
php8-readline-8.0.25-150400.4.17.1
php8-zip-8.0.25-150400.4.17.1
php8-zlib-8.0.25-150400.4.17.1
SUSE Linux Enterprise Module for Web and Scripting 15 SP4
apache2-mod_php8-8.0.25-150400.4.17.1
php8-8.0.25-150400.4.17.1
php8-bcmath-8.0.25-150400.4.17.1
php8-bz2-8.0.25-150400.4.17.1
php8-calendar-8.0.25-150400.4.17.1
php8-cli-8.0.25-150400.4.17.1
php8-ctype-8.0.25-150400.4.17.1
php8-curl-8.0.25-150400.4.17.1
php8-dba-8.0.25-150400.4.17.1
php8-devel-8.0.25-150400.4.17.1
php8-dom-8.0.25-150400.4.17.1
php8-embed-8.0.25-150400.4.17.1
php8-enchant-8.0.25-150400.4.17.1
php8-exif-8.0.25-150400.4.17.1
php8-fastcgi-8.0.25-150400.4.17.1
php8-fileinfo-8.0.25-150400.4.17.1
php8-fpm-8.0.25-150400.4.17.1
php8-ftp-8.0.25-150400.4.17.1
php8-gd-8.0.25-150400.4.17.1
php8-gettext-8.0.25-150400.4.17.1
php8-gmp-8.0.25-150400.4.17.1
php8-iconv-8.0.25-150400.4.17.1
php8-intl-8.0.25-150400.4.17.1
php8-ldap-8.0.25-150400.4.17.1
php8-mbstring-8.0.25-150400.4.17.1
php8-mysql-8.0.25-150400.4.17.1
php8-odbc-8.0.25-150400.4.17.1
php8-opcache-8.0.25-150400.4.17.1
php8-openssl-8.0.25-150400.4.17.1
php8-pcntl-8.0.25-150400.4.17.1
php8-pdo-8.0.25-150400.4.17.1
php8-pgsql-8.0.25-150400.4.17.1
php8-phar-8.0.25-150400.4.17.1
php8-posix-8.0.25-150400.4.17.1
php8-readline-8.0.25-150400.4.17.1
php8-shmop-8.0.25-150400.4.17.1
php8-snmp-8.0.25-150400.4.17.1
php8-soap-8.0.25-150400.4.17.1
php8-sockets-8.0.25-150400.4.17.1
php8-sodium-8.0.25-150400.4.17.1
php8-sqlite-8.0.25-150400.4.17.1
php8-sysvmsg-8.0.25-150400.4.17.1
php8-sysvsem-8.0.25-150400.4.17.1
php8-sysvshm-8.0.25-150400.4.17.1
php8-test-8.0.25-150400.4.17.1
php8-tidy-8.0.25-150400.4.17.1
php8-tokenizer-8.0.25-150400.4.17.1
php8-xmlreader-8.0.25-150400.4.17.1
php8-xmlwriter-8.0.25-150400.4.17.1
php8-xsl-8.0.25-150400.4.17.1
php8-zip-8.0.25-150400.4.17.1
php8-zlib-8.0.25-150400.4.17.1
openSUSE Leap 15.4
apache2-mod_php8-8.0.25-150400.4.17.1
php8-8.0.25-150400.4.17.1
php8-bcmath-8.0.25-150400.4.17.1
php8-bz2-8.0.25-150400.4.17.1
php8-calendar-8.0.25-150400.4.17.1
php8-cli-8.0.25-150400.4.17.1
php8-ctype-8.0.25-150400.4.17.1
php8-curl-8.0.25-150400.4.17.1
php8-dba-8.0.25-150400.4.17.1
php8-devel-8.0.25-150400.4.17.1
php8-dom-8.0.25-150400.4.17.1
php8-embed-8.0.25-150400.4.17.1
php8-enchant-8.0.25-150400.4.17.1
php8-exif-8.0.25-150400.4.17.1
php8-fastcgi-8.0.25-150400.4.17.1
php8-fileinfo-8.0.25-150400.4.17.1
php8-fpm-8.0.25-150400.4.17.1
php8-ftp-8.0.25-150400.4.17.1
php8-gd-8.0.25-150400.4.17.1
php8-gettext-8.0.25-150400.4.17.1
php8-gmp-8.0.25-150400.4.17.1
php8-iconv-8.0.25-150400.4.17.1
php8-intl-8.0.25-150400.4.17.1
php8-ldap-8.0.25-150400.4.17.1
php8-mbstring-8.0.25-150400.4.17.1
php8-mysql-8.0.25-150400.4.17.1
php8-odbc-8.0.25-150400.4.17.1
php8-opcache-8.0.25-150400.4.17.1
php8-openssl-8.0.25-150400.4.17.1
php8-pcntl-8.0.25-150400.4.17.1
php8-pdo-8.0.25-150400.4.17.1
php8-pgsql-8.0.25-150400.4.17.1
php8-phar-8.0.25-150400.4.17.1
php8-posix-8.0.25-150400.4.17.1
php8-readline-8.0.25-150400.4.17.1
php8-shmop-8.0.25-150400.4.17.1
php8-snmp-8.0.25-150400.4.17.1
php8-soap-8.0.25-150400.4.17.1
php8-sockets-8.0.25-150400.4.17.1
php8-sodium-8.0.25-150400.4.17.1
php8-sqlite-8.0.25-150400.4.17.1
php8-sysvmsg-8.0.25-150400.4.17.1
php8-sysvsem-8.0.25-150400.4.17.1
php8-sysvshm-8.0.25-150400.4.17.1
php8-test-8.0.25-150400.4.17.1
php8-tidy-8.0.25-150400.4.17.1
php8-tokenizer-8.0.25-150400.4.17.1
php8-xmlreader-8.0.25-150400.4.17.1
php8-xmlwriter-8.0.25-150400.4.17.1
php8-xsl-8.0.25-150400.4.17.1
php8-zip-8.0.25-150400.4.17.1
php8-zlib-8.0.25-150400.4.17.1

Description

In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using the imageloadfont() function in the gd extension, it is possible to supply a specially crafted font file such that, if the loaded font is used with the imagechar() function, a read outside the allocated buffer occurs. This can lead to crashes or disclosure of confidential information.


Affected products
Container bci/php-apache:8:apache2-mod_php8-8.0.25-150400.4.17.1
Container bci/php-apache:8:php8-8.0.25-150400.4.17.1
Container bci/php-apache:8:php8-cli-8.0.25-150400.4.17.1
Container bci/php-apache:8:php8-curl-8.0.25-150400.4.17.1

Description

The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.


Affected products
Container bci/php-apache:8:apache2-mod_php8-8.0.25-150400.4.17.1
Container bci/php-apache:8:php8-8.0.25-150400.4.17.1
Container bci/php-apache:8:php8-cli-8.0.25-150400.4.17.1
Container bci/php-apache:8:php8-curl-8.0.25-150400.4.17.1
