Описание
Security update for php7
This update for php7 fixes the following issues:
-
Version update to 7.4.33:
-
CVE-2022-31630: Fixed out-of-bounds read due to insufficient input validation in imageloadfont() (bsc#1204979).
-
CVE-2022-37454: Fixed buffer overflow in hash_update() on long parameter (bsc#1204577).
-
Version update to 7.4.32 (jsc#SLE-23639)
-
CVE-2022-31628: Fixed an uncontrolled recursion in the phar uncompressor while decompressing 'quines' gzip files. (bsc#1203867)
-
CVE-2022-31629: Fixed a bug which could lead an attacker to set an insecure cookie that will treated as secure in the victim's browser. (bsc#1203870)
Список пакетов
SUSE Enterprise Storage 7
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
SUSE Linux Enterprise Module for Package Hub 15 SP3
SUSE Linux Enterprise Module for Web and Scripting 15 SP3
SUSE Linux Enterprise Server 15 SP2-BCL
SUSE Linux Enterprise Server 15 SP2-LTSS
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Manager Proxy 4.1
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
openSUSE Leap 15.3
openSUSE Leap 15.4
Ссылки
- Link for SUSE-SU-2022:4069-1
- E-Mail link for SUSE-SU-2022:4069-1
- SUSE Security Ratings
- SUSE Bug 1203867
- SUSE Bug 1203870
- SUSE Bug 1204577
- SUSE Bug 1204979
- SUSE CVE CVE-2017-8923 page
- SUSE CVE CVE-2020-7068 page
- SUSE CVE CVE-2020-7069 page
- SUSE CVE CVE-2020-7070 page
- SUSE CVE CVE-2020-7071 page
- SUSE CVE CVE-2021-21702 page
- SUSE CVE CVE-2021-21703 page
- SUSE CVE CVE-2021-21704 page
- SUSE CVE CVE-2021-21705 page
- SUSE CVE CVE-2021-21706 page
- SUSE CVE CVE-2021-21707 page
- SUSE CVE CVE-2021-21708 page
- SUSE CVE CVE-2022-31625 page
Описание
The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string.
Затронутые продукты
Ссылки
- CVE-2017-8923
- SUSE Bug 1038980
Описание
In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure.
Затронутые продукты
Ссылки
- CVE-2020-7068
- SUSE Bug 1175203
- SUSE Bug 1175223
Описание
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data.
Затронутые продукты
Ссылки
- CVE-2020-7069
- SUSE Bug 1177351
Описание
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. See also CVE-2020-8184 for more information.
Затронутые продукты
Ссылки
- CVE-2020-7070
- SUSE Bug 1177352
Описание
In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may lead to functions that rely on URL being valid to mis-parse the URL and produce wrong data as components of the URL.
Затронутые продукты
Ссылки
- CVE-2020-7071
- SUSE Bug 1180706
- SUSE Bug 1182049
Описание
In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash.
Затронутые продукты
Ссылки
- CVE-2021-21702
- SUSE Bug 1182049
Описание
In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user.
Затронутые продукты
Ссылки
- CVE-2021-21703
- SUSE Bug 1192050
Описание
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(), execute(), fetch() and others by returning invalid response data that is not parsed correctly by the driver. This can result in crashes, denial of service or potentially memory corruption.
Затронутые продукты
Ссылки
- CVE-2021-21704
- SUSE Bug 1188035
Описание
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and potentially leading to other security implications - like contacting a wrong server or making a wrong access decision.
Затронутые продукты
Ссылки
- CVE-2021-21705
- SUSE Bug 1188037
Описание
In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS permissions.
Затронутые продукты
Ссылки
- CVE-2021-21706
- SUSE Bug 1191314
Описание
In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended.
Затронутые продукты
Ссылки
- CVE-2021-21707
- SUSE Bug 1193041
Описание
In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits.
Затронутые продукты
Ссылки
- CVE-2021-21708
- SUSE Bug 1196252
Описание
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service.
Затронутые продукты
Ссылки
- CVE-2022-31625
- SUSE Bug 1200645
Описание
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability.
Затронутые продукты
Ссылки
- CVE-2022-31626
- SUSE Bug 1200628
Описание
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop.
Затронутые продукты
Ссылки
- CVE-2022-31628
- SUSE Bug 1203867
Описание
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.
Затронутые продукты
Ссылки
- CVE-2022-31629
- SUSE Bug 1203870
- SUSE Bug 1222857
Описание
In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information.
Затронутые продукты
Ссылки
- CVE-2022-31630
- SUSE Bug 1204979
Описание
The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.
Затронутые продукты
Ссылки
- CVE-2022-37454
- SUSE Bug 1204577
- SUSE Bug 1204966
- SUSE Bug 1205836